I apologize for the late reply but I got pulled onto something else. I did some tests by enveloping the calls to SSL_read and SSL_write with a mutex.
My re-negotiation still fails. Eventually I traced it down to where it was failing. File: s3_pkt.c. Function: ssl3_read_bytes(); (I hope that the formatting is preserved below.)

        case SSL3_RT_APPLICATION_DATA:
            /* At this point, we were expecting handshake data,
             * but have application data.  If the library was
             * running inside ssl3_read() (i.e. in_read_app_data
             * is set) and it makes sense to read application data
             * at this point (session renegotiation not yet started),
             * we will indulge it. */
            if (s->s3->in_read_app_data &&
                (s->s3->total_renegotiations != 0) &&
                (((s->state & SSL_ST_CONNECT) &&
                  (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
                  (s->state <= SSL3_ST_CR_SRVR_HELLO_A)) ||
                 ((s->state & SSL_ST_ACCEPT) &&
                  (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
                  (s->state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
                s->s3->in_read_app_data = 2;
                return (-1);
            } else {
                al = SSL_AD_UNEXPECTED_MESSAGE;
                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
                goto f_err;
            }
        }

The "else" part is getting executed. In other words, when expecting RT_HANDSHAKE data we get application data, as the client is continuously sending data. When no data is flowing, the re-negotiations work perfectly. Is this what is expected?

Thanks for your help.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Monday, February 07, 2005 6:35 PM
To: openssl-users@openssl.org
Subject: RE: Renegotiation with reader and writer threads.

> My client and server has two threads each: a reader thread and a writer thread.
> I have put the renegotiation code in the reader thread. It works for
> most of the time but occasionally the client gets an "Encrypted Alert"
> message (I suspect that this happens when the application data somehow
> gets in-between).
> How can I do renegotiation if both my client and server communicate on
> a duplex channel with reader and writer threads?
I'm not sure what you mean by "reader" and "writer", but if you mean that both threads call OpenSSL functions, you will need to associate a mutex with each connection to ensure that the reader thread and writer thread are not trying to manipulate that SSL connection at the same time.

Unlike a TCP connection as presented by the kernel to user space, an SSL connection is *NOT* two independent directions. It is a single state machine.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
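The pattern David describes (one mutex per SSL connection, taken by both the reader thread and the writer thread around every call that drives the connection's single state machine, including the renegotiation handshake), as an added example that is not code from this thread or from OpenSSL. OpenSSL is not linked here: the ssl_conn_t type is an assumed stand-in for SSL*, and drive_machine stands in for SSL_read, SSL_write and SSL_renegotiate/SSL_do_handshake; it only records whether a second thread entered the "state machine" while another was already inside. The lock removes that concurrent manipulation; as the original poster found, it does not change what arrives on the wire, so application data sent by the peer while this side expects handshake data is a separate matter.

```c
/* Added example (not from the thread, not OpenSSL code): one mutex per
 * connection, held by BOTH the reader and the writer around every call
 * that touches the connection's state machine.  ssl_conn_t is an assumed
 * stand-in for SSL*; no real TLS traffic is involved. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

enum { ST_APP_DATA = 0, ST_RENEG = 1 };   /* stand-ins for s->state */

typedef struct {
    pthread_mutex_t lock;     /* the per-connection mutex (the fix) */
    int use_lock;             /* 0 reproduces the unsynchronised version */
    atomic_int in_use;        /* 1 while some thread is inside the machine */
    atomic_int overlaps;      /* two threads inside at once: corruption risk */
    atomic_int reads, writes, renegs;
    int state;                /* shared, non-atomic, like the real SSL* */
} ssl_conn_t;

static void conn_init(ssl_conn_t *c, int use_lock)
{
    pthread_mutex_init(&c->lock, NULL);
    c->use_lock = use_lock;
    atomic_init(&c->in_use, 0);
    atomic_init(&c->overlaps, 0);
    atomic_init(&c->reads, 0);
    atomic_init(&c->writes, 0);
    atomic_init(&c->renegs, 0);
    c->state = ST_APP_DATA;
}

/* Stand-in for one OpenSSL call: it mutates the shared state and would be
 * corrupted if another thread were inside at the same moment.  A second
 * entry while in_use is already set is counted as an overlap. */
static void drive_machine(ssl_conn_t *c, int state, atomic_int *counter)
{
    if (c->use_lock) pthread_mutex_lock(&c->lock);
    if (atomic_exchange(&c->in_use, 1) != 0)
        atomic_fetch_add(&c->overlaps, 1);     /* caught a concurrent entry */
    c->state = state;
    for (volatile int spin = 0; spin < 200; spin++) ;  /* widen the window */
    c->state = ST_APP_DATA;
    atomic_fetch_add(counter, 1);
    atomic_store(&c->in_use, 0);
    if (c->use_lock) pthread_mutex_unlock(&c->lock);
}

/* The wrappers an application would put around SSL_read / SSL_write /
 * SSL_renegotiate + SSL_do_handshake. */
static void locked_read(ssl_conn_t *c)        { drive_machine(c, ST_APP_DATA, &c->reads); }
static void locked_write(ssl_conn_t *c)       { drive_machine(c, ST_APP_DATA, &c->writes); }
static void locked_renegotiate(ssl_conn_t *c) { drive_machine(c, ST_RENEG, &c->renegs); }

#define ITER 5000

static void *reader_thread(void *arg)
{
    ssl_conn_t *c = arg;
    for (int i = 0; i < ITER; i++) {
        locked_read(c);
        if (i % 500 == 0) locked_renegotiate(c);   /* renegotiate from the reader */
    }
    return NULL;
}

static void *writer_thread(void *arg)
{
    ssl_conn_t *c = arg;
    for (int i = 0; i < ITER; i++) locked_write(c);
    return NULL;
}

/* Runs a reader and a writer against one connection and returns how many
 * times two threads were found inside the state machine at once
 * (always 0 when use_lock is set).  Counters are returned via pointers. */
int run_connection(int use_lock, int *reads, int *writes, int *renegs)
{
    ssl_conn_t c;
    pthread_t r, w;
    conn_init(&c, use_lock);
    pthread_create(&r, NULL, reader_thread, &c);
    pthread_create(&w, NULL, writer_thread, &c);
    pthread_join(r, NULL);
    pthread_join(w, NULL);
    pthread_mutex_destroy(&c.lock);
    if (reads)  *reads  = atomic_load(&c.reads);
    if (writes) *writes = atomic_load(&c.writes);
    if (renegs) *renegs = atomic_load(&c.renegs);
    return atomic_load(&c.overlaps);
}

int main(void)
{
    printf("unlocked: %d overlaps\n", run_connection(0, NULL, NULL, NULL));
    printf("locked:   %d overlaps\n", run_connection(1, NULL, NULL, NULL));
    return 0;
}
```

The unlocked run usually reports a non-zero overlap count (how many depends on scheduling), while the locked run reports zero with all 5000 reads, 5000 writes and 10 renegotiations completed. In a real program the same mutex must also cover SSL_shutdown and any SSL_CTRL calls on that connection, and the reader should not hold it while blocked in a kernel read, or the writer will be starved.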