Can anybody help with this?

Pradeep A wrote:
>
> This is regarding an openssl renegotiation issue in client server
> communication. The openssl version is 1.0.1c.
>
> The client and server are establishing the SSL connection using blocking
> sockets and communication is fine. The client sends the data and the server
> receives it and sends it back to the client.
>
> When the server wants to do renegotiation it is done using SSL_renegotiate,
> SSL_do_handshake and after that setting the SSL state as SSL_ST_ACCEPT.
>
> Server Code for renegotiation:
>
>     ssl_session_id_context = 1;
>     SSL_set_session_id_context(ssl, (unsigned char *)&ssl_session_id_context,
>                                sizeof(ssl_session_id_context));
>     /* Schedule the renegotiation */
>     if (SSL_renegotiate(ssl) <= 0) {
>         printf("SSL_renegotiate() failed\n");
>     }
>     /* First handshake call */
>     if ((err = SSL_do_handshake(ssl)) <= 0) {
>         printf("SSL_do_handshake() 1 failed %d\n", SSL_get_error(ssl, err));
>         ERR_print_errors_fp(stderr);
>     }
>     /* Set the accept state, then call the handshake again */
>     ssl->state = SSL_ST_ACCEPT;
>     printf("Accepted state %d\n", ssl->state);
>     if ((err = SSL_do_handshake(ssl)) <= 0) {
>         printf("SSL_do_handshake() failed %d %d\n", err,
>                SSL_get_error(ssl, err));
>         ERR_print_errors_fp(stderr);
>     }
>
> The client side general behaviour is waiting on the console to read data,
> using SSL_write to send it to the server. During this time, if the server
> renegotiates and the client side sends any data from the console by calling
> SSL_write, the rehandshake fails.
>
> Client side code writing data:
>
>     ret = SSL_write(ssl, send_data, strlen(send_data));
>
> The following lines are printed at the server side, returning -1 from the
> second SSL_do_handshake:
>
> 3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:
>
> The following lines are printed at the client side when it is reading using
> SSL_read, which is returning -1 after it sends data to the server:
>
> 3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10
> 3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:
>
> On openssl.org the following is given for blocking sockets:
>
>   If the underlying BIO is blocking, SSL_write() will only return, once the
>   write operation has been finished or an error occurred, except when a
>   renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
>
> How exactly does SSL_write behave at the client side when it receives an SSL
> renegotiation from the server? How can the rehandshake be successful in this
> case?

--
View this message in context: http://old.nabble.com/SSL-renegotiation-in-openssl-using-blocked-sockets-tp34005802p34017782.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
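
The error lines quoted in the post can be decoded field by field. The following is an added example, not part of the original thread and not OpenSSL code: it splits the packed error code the way OpenSSL 1.0.x lays it out and shows that reason 0x3F2 (1010) is the alert offset 1000 plus the alert number 10 printed by the client. The struct ossl_err and the helpers parse_err_line and alert_from_reason are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* OpenSSL 1.0.x packs an error code as: bits 31..24 library,
 * bits 23..12 function, bits 11..0 reason (ERR_PACK in err.h). */
struct ossl_err { unsigned lib, func, reason; };
#define ERR_LIB_SSL          20    /* library number of libssl */
#define SSL_AD_REASON_OFFSET 1000  /* received alert N is reported as reason 1000+N */

/* Parse one ERR_print_errors_fp() line, "<thread id>:error:<hex code>:...".
 * Returns 0 on success, -1 if the line does not have that shape. */
int parse_err_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, ":error:");
    char *end;
    if (p == NULL)
        return -1;
    p += strlen(":error:");
    unsigned long code = strtoul(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    out->lib    = (unsigned)((code >> 24) & 0xff);
    out->func   = (unsigned)((code >> 12) & 0xfff);
    out->reason = (unsigned)(code & 0xfff);
    return 0;
}

/* Alert number behind a libssl reason code, or -1 when the reason is a
 * locally detected error rather than an alert received from the peer. */
int alert_from_reason(const struct ossl_err *e)
{
    if (e->lib != ERR_LIB_SSL || e->reason < SSL_AD_REASON_OFFSET)
        return -1;
    return (int)(e->reason - SSL_AD_REASON_OFFSET);
}

int main(void)
{
    /* Error lines from the post, rejoined onto single lines. */
    const char *lines[] = {
        "3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:",
        "3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10",
        "3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:",
    };
    struct ossl_err e;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        if (parse_err_line(lines[i], &e) == 0)
            printf("lib=%u func=%u reason=%u alert=%d\n", e.lib, e.func, e.reason, alert_from_reason(&e));
    return 0;
}
```

The server-side line decodes to a local reason (245, no alert), while the first client-side line carries the alert the server sent back. This bit layout applies to the 1.0.x series named in the post; OpenSSL 3.x packs error codes differently.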