> Okay, interesting development. If I put a sleep(5); on the C client
> before I issue SSL_connect (but after I BIO_write "ssl on\n"),
> everything works fine. Otherwise both client and server deadlock on
> read/recv.
Makes perfect sense. The problem is that the server has already received
the SSL handshake as non-SSL data before it gets the 'ssl on' and manages to
change its mode to SSL.
The problem is that you send 'ssl on', then immediately switch to SSL mode,
and then send the first part of the SSL handshake. When the server goes to
receive the data, it receives 'ssl on\n<SSL handshake>' and recognizes the
'ssl on' and turns on SSL mode. But that chunk of the SSL handshake has
already been received and bypasses the SSL engine because it wasn't enabled
at the time the data was sent.
The usual solution is to have the server send a reply to the 'ssl on'
*before* the client goes into SSL mode, ensuring that the server is in SSL
mode when it receives the handshake.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
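The exchange described in the reply, as an added model that is not code from the thread, from OpenSSL or from the poster's client: the transport is an in-memory byte stream that behaves like a socket's recv(), nothing performs real TLS, and the byte string standing in for the first handshake record is constructed. It reproduces the race (command and handshake arrive in one chunk, the handshake bytes are consumed as plaintext, the TLS engine then waits forever), the fix the reply recommends (server acknowledges 'ssl on' before the client calls SSL_connect), and, as an extra server-side check that the thread does not mention, refusing any bytes pipelined behind the upgrade command so the failure is a visible protocol error instead of a silent deadlock.

```python
"""Model of the 'ssl on' upgrade race. Constructed example: no real TLS,
no real sockets; the point is where the read boundary falls."""


class Wire:
    """One direction of a stream socket. read(n) hands back whatever has
    been written so far, up to n bytes, exactly as recv() would."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def write(self, data: bytes) -> None:
        self.buf += data

    def read(self, n: int) -> bytes:
        out, self.buf = bytes(self.buf[:n]), self.buf[n:]
        return out


UPGRADE_CMD = b"ssl on\n"
ACK = b"+OK\n"  # assumed acknowledgement line; the thread names none
# Constructed stand-in for a TLS handshake record: content type 0x16,
# version 3.1, length 5, dummy body. Not a real ClientHello.
CLIENT_HELLO = b"\x16\x03\x01\x00\x05HELLO"


def run(ack_before_upgrade: bool, reject_pipelined: bool = False) -> str:
    """Play one connection and report what the server's TLS engine saw.

    ack_before_upgrade: the protocol fix from the reply (server answers
        'ssl on', client waits for that answer before SSL_connect).
    reject_pipelined: extra server hardening, treat data that arrives in
        the same chunk as the upgrade command as a protocol error.
    """
    c2s, s2c = Wire(), Wire()

    # --- client, step 1: send the upgrade command ------------------------
    if ack_before_upgrade:
        c2s.write(UPGRADE_CMD)
    else:
        # The original client: BIO_write("ssl on\n") then SSL_connect() with
        # no pause, so the command and the first handshake record are both
        # on the wire by the time the server reads.
        c2s.write(UPGRADE_CMD + CLIENT_HELLO)

    # --- server, step 1: plaintext command parser ------------------------
    chunk = c2s.read(4096)            # may hold command AND handshake
    line, sep, leftover = chunk.partition(b"\n")
    if line + sep != UPGRADE_CMD:
        return "server: protocol error"
    if leftover and reject_pipelined:
        return "server: rejected data pipelined after upgrade command"
    if ack_before_upgrade:
        s2c.write(ACK)                # "I am in SSL mode now, go ahead"
    # Switching modes here silently drops `leftover`: those bytes were
    # already read as plaintext and never reach the TLS engine.

    # --- client, step 2: start the handshake only once told to ------------
    if ack_before_upgrade:
        if s2c.read(4096) != ACK:
            return "client: bad ack"
        c2s.write(CLIENT_HELLO)

    # --- server, step 2: TLS engine reads its first record ----------------
    first_record = c2s.read(4096)
    if not first_record:
        return "deadlock: TLS engine waits for a ClientHello already consumed"
    if first_record[0] != 0x16:
        return "server: not a handshake record"
    return "handshake record received"


if __name__ == "__main__":
    print("race as posted     :", run(ack_before_upgrade=False))
    print("race, strict server:", run(ack_before_upgrade=False, reject_pipelined=True))
    print("ack before upgrade :", run(ack_before_upgrade=True))
```

The sleep(5) the poster added works only because it makes the server's first recv() return before the handshake bytes exist; the acknowledgement round trip gives the same ordering guarantee without a timer. The reject_pipelined check is the server-side complement: a client that follows the acknowledged protocol can never have bytes behind 'ssl on' in the same read, so any that do appear are a misbehaving or mismatched client and should fail loudly.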