Hello
> I have some doubts over the ssl buffer. Let I put my questions below
>
> 1. What happens when the server keeps on writing and no data has been
> read from the client?, Is there any possibility of buffer overflow?.
> Please explain this senarion briefly.

This depends on protocol that caries SSL record rather than SSL.
If server sends SSL records over TCP and client is not reading
this data then operating system network buffers collect this data until
has free space. Next action depends on TCP layer how for example
client TCP stack will inform server TCP stack to not send more
data. There are some algorithms in TCP to avoid congesting the
network which may mean: avoid send data faster than the host on the
other end can utilize it.

> 2. Assume that during the ssl handshake we have some un read data in
> the ssl buffer. When the application is crashed or closed in the
> middle of the transacion will that the buffer(which holds the un read
> data ) will lead to memory leaking.

Memory buffers ale allocated on initializing SSL object and are used
for reading/writing SSL records. When process is terminated all memory
allocated by this process (maybe without shared memory) are
returned to system. In general if you free SSL object after successful
or failed handshake there should be no memory leak.
(remember of error stack free in threads).

> 3. Where the ssl have its default buffer?, either in stack or heap
> locations?

Dynamically allocated in SSL object which means in heap.

Best regards,
--
Marek Marcola

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org