Hello, I am writing an application which should use DTLS. I tested renegotiation in my app and I cannot make it work.

Renegotiation on client: When the client calls SSL_renegotiate() and SSL_do_handshake(), an "Encrypted Handshake Message" goes to the server (I use Wireshark to see what is happening). After that the server returns SSL_WANT_READ from all functions (SSL_read(), SSL_do_handshake()), but the client blocks (I use blocking sockets on the client) and sends nothing after that. It looks like the server wants one more message, but the client sends nothing.

Renegotiation on server: If the server calls SSL_renegotiate() and SSL_do_handshake(), an "Encrypted Handshake Message" goes to the client, but the client ignores it and continues to send its data (I send some test data packets). If the server calls

    SSL_renegotiate(ssl);
    SSL_do_handshake(ssl);
    ssl->state = SSL_ST_ACCEPT;
    SSL_do_handshake(ssl);

as recommended in docs over the web, an "Encrypted Handshake Message" goes to the client; the client also ignores this message and sends its data, but the server then sends "Encrypted Alert" messages. But functions like SSL_is_init_finished() and SSL_in_init() return "OK" values on the client.

After that I tried to test renegotiation in the example OpenSSL apps "s_client" and "s_server".

Starting server:

    openssl s_server -dtls1 -cert CA\server_cert.pem -key CA\private\key.pem

Starting client:

    openssl s_client -dtls1 -CAfile CA\server_cert.pem -connect 10.0.0.10:4433

Then I type some symbols and they are successfully transmitted in both directions. Then I start renegotiation. No matter where I start renegotiation, after this I cannot type any symbols to transmit anymore. Both client and server hang up.

OpenSSL version:

    OpenSSL 0.9.8g 19 Oct 2007
    built on: Tue Dec 11 08:25:22 2007
    platform: VC-WIN32
    options:  bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(idx)
    compiler: cl /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_USE_APPLINK -I. /Fdout32dll -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_TLSEXT -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE
    OPENSSLDIR: "c:/some/openssl/dir/ssl"

OS: Windows XP SP2 32bit
Compiler: Visual C++ 2005 Express Edition
Hardware: AMD Athlon 64 X2

Pavel
