> AFAICT if SSL_read returns between the first handshake and the second, you > don't get the problem.
I think it should not matter when or what SSL_read returns. That should only be returning application-level data to the caller. All state manipulations, etc., should be done underneath and completely hidden. So yes, I vote for fixing. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev