Adding more options

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Adding more options

Salz, Rich

I see that we’ve used up all 32 bits of options in the SSL structure.  Any thought given on how to extend that?  A 64-bit “long long” seems simplest, but might have issues with some of your older platforms.

 

                /r$

 

-- 

Principal Security Engineer

Akamai Technology

Cambridge, MA

 

 

Reply | Threaded
Open this post in threaded view
|

Re: Adding more options

Dr. Stephen Henson
On Thu, Feb 14, 2013, Salz, Rich wrote:

> I see that we've used up all 32 bits of options in the SSL structure.  Any
> thought given on how to extend that?  A 64-bit "long long" seems simplest,
> but might have issues with some of your older platforms.
>

OpenSSL 1.0.2 has added an extra "cert_flags" field as part of the CERT
structure. Adding things to CERT has the advantage that it is one of the
few structures in the ssl library that has always been opaque.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Adding more options

Salz, Rich
> OpenSSL 1.0.2 has added an extra "cert_flags" field as part of the CERT structure. Adding things to
> CERT has the advantage that it is one of the few structures in the ssl library that has always been opaque.

And so do you change the options from a raw hex number (0x08000 etc) to a bitnumber (17)?

We have some additional options on the SSL structure that we'd like to contribute.  Right now we use "long long"  What should we do, in order to make it most likely you'll take them?

        /r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]