3

Found another gem in the code-base I've been given to troubleshoot.

Let's call recv(), get the TLS encrypted message, and then call BIO_write() and SSL_read() instead of offloading it to OpenSSL.

Comments
  • 0
    But if we use a library we lose control of the data flow \s
  • 1
    @msdsk "we can't change that, our framework does not have this option"

    ↑↑ I've heard it far too many times. Leading to libraries/frameworks being raped the amateur way.

    Your comment has merit. But it's not a rule that it's OK to give away control of the flow.
  • 0
    @msdsk I've done it myself as well. Adding a cronjob to launch GDB, attach to a Java process to close a FD linked to a TCP socket to an HTTP resource, because there was no way to specify a TCP Read Timeout in the framework we used.
  • 0
    @msdsk I hate to lose control of d data flow too, but sometimes we have to for one or another reason... and that freaks me out...but hey it's not my business after all ;}
  • 0
    OpenSSL has a library...

    Or what is meant by flow?

    I could understand if someone started a CLI to run openssl with data given to stdin that that is a complete loss of data flow...
    ("Things I've seen" trademark)

    But in a library? Why...?
Add Comment