Changes between Initial Version and Version 1 of Ticket #2179


Ignore:
Timestamp:
May 15, 2019 2:42:09 AM (3 years ago)
Author:
nanang
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #2179 – Description

    initial v1  
     1Zeroing our buffers should be sufficient as we cannot really manage the OpenSSL internal buffers. Moreover, it seems that OpenSSL already does wipe out its internal buffers, i.e: a lot of {{{OpenSSL_cleanse()}}} calls in OpenSSL source code, the function will fill a buffer with garbage or zero. But unfortunately cannot really find official docs about it. 
     2 
     3Additionally, SSL socket pool content will be zeroed before released, it is done using a new API {{{pj_pool_secure_release()}}}. 
     4 
    15Thanks Peter Koletzki for the feedback.