* Posts by LarryLain

1 publicly visible post • joined 11 Apr 2014

Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug

LarryLain

Re: I don't get it..

After reviewing the code, I can't help but wonder if C is an appropriate language for critical stuff like SSL. A language where the programmer has the power to return the contents of a chunk of memory to the caller in a critical area like this would be akin to allowing bank tellers access to the entire contents of the bank's vaults to service customer requests. It just makes very little sense.

Time for a rethink and a re-write I think.