On Tue, Mar 22, 2011 at 08:47:55PM -0700, Claus Assmann wrote:
> On Tue, Mar 22, 2011, Victor Duchovni wrote:
>
> > > client() has some code like this:
> > > SSL_CTX_set_ex_data(a_ctx->a_ssl_ctx, myidx, a_ctx->cb_arg);
> >
> > No, don't do that, the SSL_CTX application context object is global
On Tue, Mar 22, 2011, Victor Duchovni wrote:
> > client() has some code like this:
> > SSL_CTX_set_ex_data(a_ctx->a_ssl_ctx, myidx, a_ctx->cb_arg);
>
> No, don't do that, the SSL_CTX application context object is global.
I was demonstrating that the callback API has some problems.
If the commo
On Mon, Mar 21, 2011 at 08:49:09PM -0700, Claus Assmann wrote:
> On Mon, Mar 21, 2011, Victor Duchovni wrote:
>
> > Can you explain a bit more clearly why you can't initialize an
> > integer index or two when the application starts?
>
> I can, but that's not the problem. Here's an example:
> in
On Mon, Mar 21, 2011, Victor Duchovni wrote:
> Can you explain a bit more clearly why you can't initialize an
> integer index or two when the application starts?
I can, but that's not the problem. Here's an example:
initialize:
SSL_load_error_strings(); ...
ssl_ctx = SSL_CTX_new();
myidx = SSL_C
On Sun, Mar 20, 2011 at 07:13:18PM -0700, Claus Assmann wrote:
> On Sun, Mar 20, 2011, Victor Duchovni wrote:
>
> > once, ... so there needs to be some once-only code in your application,
>
> That's trivial to do and already working fine.
>
> > and setting a write-once global there does not see
On Sun, Mar 20, 2011, Victor Duchovni wrote:
> once, ... so there needs to be some once-only code in your application,
That's trivial to do and already working fine.
> and setting a write-once global there does not seem burdensome.
As Graham points out it makes it hard for some applications to
On 20 Mar 2011, at 9:35 PM, Victor Duchovni wrote:
What's the obstacle to a global variable that is initialized once and
never changes? You also only need to call:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
once, ... so there needs to be some once-only code in your
On Sun, Mar 20, 2011 at 10:42:28AM -0700, Claus Assmann wrote:
> It seems the official way to use an application
> context is via:
>
> int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
>CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
> int SSL_set_ex_data(SSL *
I'm trying to implement TLS client side session caching, but I'm
running into problems with the OpenSSL callback API. It seems most
callbacks don't pass an application context which makes using them
awkward (at least in my application that doesn't have global
variables). SSL_CTX_set_cert_verify_ca
