I apologize for the late reply but I got pulled onto something else.

I did some tests by enveloping the calls to ssl read and ssl writes by
mutex.

My re-negotiation still fails. Eventually I traced it down to where it
was failing.

File : s3_pkt.c. Function: ssl3_read_bytes(); (I hope that the
formatting is preserved below). 

case SSL3_RT_APPLICATION_DATA:
        /* At this point, we were expecting handshake data,
         * but have application data.  If the library was
         * running inside ssl3_read() (i.e. in_read_app_data
         * is set) and it makes sense to read application data
         * at this point (session renegotiation not yet started),
         * we will indulge it.
         */
        if (s->s3->in_read_app_data &&
                (s->s3->total_renegotiations != 0) &&
                ((
                (s->state & SSL_ST_CONNECT) &&
                (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
                (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
                ) || (
                        (s->state & SSL_ST_ACCEPT) &&
                        (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
                        (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
                        )
                ))
                {
                s->s3->in_read_app_data=2;
                return(-1);
                }
        else
                {
                al=SSL_AD_UNEXPECTED_MESSAGE;
                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
                goto f_err;
                }
        }

The "else" part is getting executed. In other words, when expecting
RT_HANDSHAKE data we get application data as the client is continuously
sending data. When there is no data going then the re-negotiations work
perfectly. Is this what is expected?

Thanks for your help.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Monday, February 07, 2005 6:35 PM
To: openssl-users@openssl.org
Subject: RE: Renegotiation with reader and writer threads.


>My client and server has two threads each: a reader thread and a writer
>thread.
>I have put the renegotiation code in the reader thread. It works for
>most of the time but occasionally the client gets an "Encrypted Alert"
>message ( I suspect that this happens when the application data somehow
>gets in-between).
>
>How can I do renegotiation if both my client and server communicate on
>a duplex channel with reader and writer threads?

        I'm not sure what you mean by "reader" and "writer", but if you
mean that both threads call OpenSSL functions, you will need to
associate a mutex with each connection to ensure that the reader thread
and writer thread are not trying to manipulate that SSL connection at
the same time.

        Unlike a TCP connection as presented by the kernel to user
space, an SSL connection is *NOT* two independent directions. It is a
single state machine.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

