I failed to get SSL BIO working. However, I can get renegotiation working
if I use the SSL_* functions and (when I need to) do the renegotiation
calls _before_ an SSL_write from the server to the client. If I do the
calls before an SSL_read I get problems. Can anyone confirm that
renegotiation should only take place before an SSL_write? If so, maybe
this is why the SSL BIO doesn't appear to work (since it can do
renegotiation in the read as well as write code I believe). To perform
renegotiation I am doing this:
// Read from client
SSL_read (...)
if (connectionOpenForManyHours) {
SSL_renegotiate (s);
SSL_do_handshake (s);
s->state = SSL_ST_ACCEPT;
SSL_do_handshake (s);
}
...
// Respond to client
SSL_write (...)
Is this what is normally expected?
-----Original Message-----
From: Andy Schneider
Sent: Wed 9/19/2001 10:45 AM
To: [EMAIL PROTECTED]
Cc:
Subject: SSL renegotiation and SSL_bio
I've read all items in the archive and still not come up trumps. I have
a client and server (both using OpenSSL - TLS). They both use the SSL
bio (BIO_f_ssl) to converse. I use BIO_ctrl to set the renegotiation
params to 512 bytes (as a test) and run the system. It fails with a
BAD_MAC_DECODE from SSL3_GET_RECORD (works fine without renegotiation).

My setup code looks like this:

    m_sslBio = BIO_new(BIO_f_ssl());
    BIO_ctrl (m_sslBio, BIO_C_SET_SSL, 0, m_ssl);
    BIO_ctrl (m_sslBio, BIO_C_SSL_MODE, 1, 0); // For client
    BIO_ctrl (m_sslBio, BIO_C_SSL_MODE, 0, 0); // For server

All I'm doing in the server is this:

    while (true) {
        read a 9 byte message.
        write a 9 byte message.
    }

In the client I do this:

    while (true) {
        write a 9 byte message.
        read a 9 byte message.
    }

I found one reference to SSL renegotiation and bad MAC decoding but no
response from anyone.

Any pointers or assistance gratefully appreciated.

Regards,
Andy Schneider.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]