This is regarding an OpenSSL renegotiation issue in client-server
communication. The OpenSSL version is 1.0.1c.

The client and server establish the SSL connection using blocking
sockets, and communication is fine. The client sends data, and the server
receives it and sends it back to the client.

When the server wants to renegotiate, it does so using SSL_renegotiate and
SSL_do_handshake, and after that sets the SSL state to SSL_ST_ACCEPT.

    Server code for renegotiation:

        ssl_session_id_context = 1;
        SSL_set_session_id_context(ssl,
                                   (unsigned char *)&ssl_session_id_context,
                                   sizeof(ssl_session_id_context));
        /* Flag the connection for renegotiation. */
        if (SSL_renegotiate(ssl) <= 0) {
            printf("SSL_renegotiate() failed\n");
        }
        /* First handshake call sends the HelloRequest. */
        if ((err = SSL_do_handshake(ssl)) <= 0) {
            printf("SSL_do_handshake() 1 failed %d\n", SSL_get_error(ssl, err));
            ERR_print_errors_fp(stderr);
        }
        /* Force the server state so the next call waits for the ClientHello. */
        ssl->state = SSL_ST_ACCEPT;
        printf("Accepted state %d\n", ssl->state);
        if ((err = SSL_do_handshake(ssl)) <= 0) {
            printf("SSL_do_handshake() failed %d %d\n", err,
                   SSL_get_error(ssl, err));
            ERR_print_errors_fp(stderr);
        }


The client side's general behaviour is to wait on the console to read data
and use SSL_write to send it to the server. During this time, if the server
renegotiates and the client side sends any data from the console by calling
SSL_write, the rehandshake fails.

    Client-side code writing data:

        ret = SSL_write(ssl, send_data, strlen(send_data));


The following line is printed on the server side, with the second
SSL_do_handshake returning -1:

3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:

The following lines are printed on the client side when it reads using
SSL_read, which returns -1 after it sends data to the server:

3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10
3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:

On openssl.org, the following is given for blocking sockets:

If the underlying BIO is blocking, SSL_write() will only return, once the
write operation has been finished or an error occurred, except when a
renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.

How exactly does SSL_write behave on the client side when it receives an SSL
renegotiation from the server? How can the rehandshake be successful in this
case?
 
-- 
View this message in context: 
http://old.nabble.com/SSL-renegotiation-in-openssl-using-blocked-sockets-tp34005802p34005802.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
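
Added example (not part of the original post and not OpenSSL source): a simplified model of the record-type check behind the two errors above. The names `server_model`, `on_record` and `replay` are hypothetical; the assumption is that a server blocked in a handshake-only call rejects an application-data record (type 23) with alert 10, while one waiting in a read call can hand that data to the caller.

```c
#include <stdio.h>
#include <stddef.h>

/* TLS record content types and the alert number seen in the client log. */
enum { REC_HANDSHAKE = 22, REC_APPDATA = 23 };
enum { ALERT_UNEXPECTED_MESSAGE = 10 };

/* Simplified model (not OpenSSL code) of a server that has sent
 * HelloRequest and is waiting for the client's ClientHello. */
typedef struct {
    int via_read;      /* 1: waiting in a read call that can return app data;
                          0: waiting in a handshake-only call */
    int renegotiated;  /* set once a handshake record has arrived */
    int delivered;     /* application records handed to the caller */
    int alert_sent;    /* fatal alert number sent, 0 if none */
} server_model;

/* Process one incoming record; returns 0 if accepted, -1 on fatal alert. */
static int on_record(server_model *s, int type)
{
    if (type == REC_HANDSHAKE) { s->renegotiated = 1; return 0; }
    if (type == REC_APPDATA && (s->renegotiated || s->via_read)) {
        s->delivered++;          /* someone can consume the data */
        return 0;
    }
    /* Application data with no reader, or an unknown type. */
    s->alert_sent = ALERT_UNEXPECTED_MESSAGE;
    return -1;
}

/* Replay constructed record types; returns the alert sent (0 = none). */
int replay(int via_read, const int *recs, size_t n, int *delivered)
{
    server_model s = { via_read, 0, 0, 0 };
    for (size_t i = 0; i < n && on_record(&s, recs[i]) == 0; i++)
        ;
    if (delivered) *delivered = s.delivered;
    return s.alert_sent;
}

int main(void)
{
    /* Constructed sample: the client writes before answering HelloRequest. */
    const int recs[] = { REC_APPDATA, REC_HANDSHAKE, REC_APPDATA };
    printf("handshake-only wait: alert %d\n", replay(0, recs, 3, NULL));
    printf("read-based wait:     alert %d\n", replay(1, recs, 3, NULL));
    return 0;
}
```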