I've tested versions 1.0.0b and 1.0.1i; both have this problem too. More specifically, it happens only when the application calls SSL_write() after peer A starts the renegotiation. If SSL_read() is called instead, those unexpected application data from peer B will be returned.
According to the TLS specification, it should be allowed for peer A to send application data to peer B even during the renegotiation, by using current states (instead of pending states) to sign and encrypt.
