Hi, I have a question about the following code fragment found in eaptls_process in rlm_eap/libeap/eap_tls.c: /* * Decrypt the complete record. */ BIO_write(tls_session->into_ssl, tls_session->dirty_in.data, tls_session->dirty_in.used); /* * Clear the dirty buffer now that we are done with it * and init the clean_out buffer to store decrypted data */ (tls_session->record_init)(&tls_session->dirty_in); (tls_session->record_init)(&tls_session->clean_out); /* * Read (and decrypt) the tunneled data from the * SSL session, and put it into the decrypted * data buffer. */ err = SSL_read(tls_session->ssl, tls_session->clean_out.data, sizeof(tls_session->clean_out.data)); I think, BIO_write sends data out to the peer and SSL_read receives data from the peer here, but the comments suggest something else (like piping the data through decryption within the server). Which version is correct? ;-) Thanks in advance Carolin