On Mon, Oct 12, 2015 at 04:19:43PM +0000, Matt Caswell via RT wrote: > > Having done some more digging it seems the problem only occurs if you > get the initial handshake, following by a second reneg handshake *and* > interleaved app data all within the scope of a *single* SSL_read call. > AFAICT if SSL_read returns between the first handshake and the second, > you don't get the problem. > > That's starting to sound like quite an unlikely scenario and we're only > hitting it now because of the slightly artificial nature of Hubert's > test. I'm wondering whether "will not fix" is the right response to this > second bug? Thoughts? Having said that it would be nice to have a > reliable test for the interleaved-app data issue.
Are you saying this is 1 TLS record with 2 handshakes in it? >From what I understand, the authentication could change. Doesn't that mean we should make sure the client reads all data with SSL_read() before we tell it authentication changes and that we might have to delay processing some messages until that is done? Kurt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
