This patch works. However it is also worth noting that my tests expose a
minor caveat. If a client and server request handshakes thus:

Server:
        Read
        Renegotiate
        Read
        Write

Client:
        Write
        Renegotiate
        Read
        Write

The client will hang stuck in this loop (in ssl3_get_message):

init_num == 4 and (p[1] == 0 && p[2] == 0 &&p[3] == 0) is true.

                do
                        {
                        while (s->init_num < 4)
                                {
                                i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
                                        4 - s->init_num, 0);
                                if (i <= 0)
                                        {
                                        s->rwstate=SSL_READING;
                                        *ok = 0;
                                        return i;
                                        }
                                s->init_num+=i;
                                }

                        skip_message = 0;
                        if (!s->server)
                                if (p[0] == SSL3_MT_HELLO_REQUEST)
                                        /* The server may always send 'Hello Request' messages --
                                         * we are doing a handshake anyway now, so ignore them
                                         * if their format is correct. Does not count for
                                         * 'Finished' MAC. */
                                        if (p[1] == 0 && p[2] == 0 && p[3] == 0)
                                                skip_message = 1;
                        }
                while (skip_message);

> -----Original Message-----
> From: Bodo moeller [mailto:[EMAIL PROTECTED]]
> Sent: 21 September 2001 00:59
> To: [EMAIL PROTECTED]
> Cc: Andy Schneider
> Subject: Re: SSL renegotiation and SSL_bio (more data)
> 
> 
> Andy Schneider <[EMAIL PROTECTED]>:
> 
> > I applied the patch and it has allowed me to perform a handshake even
> > when there are writes in-flight. For the record then (and those who have
> > wrestled with SSL_renegotiate and have found this through a search):
> > 
> > 1) I use SSL_renegotiate () and SSL_read (ssl, 0, 0) on the server to
> >    request a handshake and monitor SSL_read/SSL_writes within a timeout
> >    for a handshake. I do not fail if SSL_read (ssl, 0, 0) doesn't return
> >    SSL_ERROR_WANT_READ because there may be data in-flight.
> > 
> > 3) I use just SSL_renegotiate on the client when I want to request a
> >    handshake and apply the same logic as above.
> 
> 
> Please try the following patch instead.  This should remove the cause
> of the problem.
> 
> Index: s3_srvr.c
> ===================================================================
> RCS file: /usr/local/openssl/cvs/openssl/ssl/s3_srvr.c,v
> retrieving revision 1.49.2.6
> diff -u -u -r1.49.2.6 s3_srvr.c
> --- s3_srvr.c 2001/09/20 21:36:39     1.49.2.6
> +++ s3_srvr.c 2001/09/20 23:57:27
> @@ -270,9 +270,7 @@
>  
>               case SSL3_ST_SW_HELLO_REQ_C:
>                       s->state=SSL_ST_OK;
> -                     ret=1;
> -                     goto end;
> -                     /* break; */
> +                     break;
>  
>               case SSL3_ST_SR_CLNT_HELLO_A:
>               case SSL3_ST_SR_CLNT_HELLO_B:
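Review bot: in case SSL3_ST_SW_HELLO_REQ_C the new `break;` no longer assigns ret on this path, where the removed lines set `ret=1` before `goto end`. The return value for this case now depends on code after the switch that the hunk does not show, so that path should be checked to confirm it still yields a sensible result once `s->state=SSL_ST_OK` has been set. A one-line comment at the `break;` saying why the case now continues instead of returning at once would also help, since the removed `/* break; */` shows the early return was a deliberate choice at some point.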
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 