David Schwartz wrote:
> Nanno Langstraat:
>> Quote chapter and verse of the OpenSSL API documentation, or desist from
>> such vehement statements.
>> You can not scold an API user for violating rules that are not in the
>> documentation.

> OpenSSL does its best to document where it fails to make SSL connections
> look like TCP connections. It does not always document where it succeeds. It
> is assumed that the programmer is familiar with how TCP works and does not
> need every similarity documented.

Not relevant, because in this respect OpenSSL does deviate from TCP.

TCP can do half-duplex connections (read side shut down, write side
still operating).

OpenSSL can not do half-duplex connections.

An innocent OpenSSL API user is not told that OpenSSL can not do
half-duplex connections and that he must not try.

> What do you see as the difference between OpenSSL's behavior and classic TCP
> behavior in this case?

I hope I answered you adequately in the section above, combined with the
supporting details in my previous emails.


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org