I spent some time in the debugger (yeah for open source) and figured out
what's going on. This is a follow-up for others who may run into the
same issue.

The auto renegotiate code is handled only by the SSL BIO implementation,
not by the fd BIO implementation (which silently ignores the
BIO_set_ssl_renegotiate_* calls).

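My new configuration code looks like the following:

    SSL_CTX* ctx;                               /* initialised elsewhere */
    BIO* bio = BIO_new_ssl(ctx, false);         /* SSL BIO, server side */
    BIO_push(bio, BIO_new_socket((int)fd, 0));  /* socket BIO underneath */
    /* set the renegotiation limits on the SSL BIO, not the socket BIO */
    BIO_set_ssl_renegotiate_bytes(bio, bytes);
    BIO_set_ssl_renegotiate_timeout(bio, seconds);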

and calls to

    BIO_get_num_renegotiates(bio)

show periodic increments.

Wayne.



On Thu, 2009-10-01 at 19:49 -0700, Wayne Feick wrote:
> I'm having trouble getting BIO_renegotiate_timeout() and
> BIO_renegotiate_bytes to work, and I'm hoping someone can help me out
> with what I'm doing wrong.
> 
> The socket is initially opened and a connection accepted, and then I
> set up SSL with the following.
> 
>     SSL* ssl = SSL_new(ctx);
>     BIO* bio = BIO_new_socket((int)fd, 0);
>     SSL_set_bio(ssl, bio, bio);
> 
> I then do the following to configure the auto renegotiation.
> 
>     BIO* rbio = SSL_get_rbio(ssl);
>     BIO_set_ssl_renegotiate_bytes(rbio, 1024*1024);
>     BIO_set_ssl_renegotiate_timeout(rbio, 60);
> 
> Our client/server protocol involves a heartbeat once per second, and in
> there I'm printing out the return value of
> 
>     BIO_get_num_renegotiates(SSL_get_rbio(ssl))
> 
> but it's always 0.
> 
> Is there some other sort of configuration I need to be doing to get this
> to work? I've seen other people ask about this on the list, but never
> any responses. Is anyone using this successfully?
> 
> Thanks,
> Wayne.
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
