Viktor Dukhovni:
> > On Sep 6, 2019, at 11:39 AM, Wietse Venema <[email protected]> wrote:
> >
> > SSL_shutdown(), see below, is called ONLY AFTER state->plaintext_buf
> > I/O error. But state->plaintext_buf is null until the handshake is
> > completed.
> >
> > OpenSSL may enter the init state later, during session
> > renegotiation. How would we detect that?
>
> SSL_IN_INIT(1)
>
> SSL_in_init() returns 1 if the SSL/TLS state machine is currently
> processing or awaiting handshake messages, or 0 otherwise.
Right. It queries a flag that is set on-the-fly during session
renegotiation.
My next post will have a small patch to stop whitewashing SSL errors
in tlsp_eval_tls_error() after SSL_shutdown() is called. If that
takes care of the problem then we can avoid tracking OpenSSL internal
state in tlsproxy.
Wietse