Re: SSL renegotiation in openssl using blocked sockets

2012-06-16 Thread Pradeep A

Can anybody help with this?


Pradeep A wrote:
 
 
 
 
 This is regarding an openssl renegotiation issue in client server
 communication. The openssl version is 1.0.1c.
 
 The client and server are establishing the SSL connection using blocking
 sockets and communication is fine. The client sends the data and the server
 receives it and sends it back to the client.
 
 When the server wants to do a renegotiation, it is done using SSL_renegotiate,
 SSL_do_handshake, after that setting the SSL state as SSL_ST_ACCEPT.
 
Server Code for renegotiation:
 
 ssl_session_id_context = 1;
 SSL_set_session_id_context(ssl, (unsigned char *)&ssl_session_id_context,
                            sizeof(ssl_session_id_context));
 /* Request a renegotiation */
 if (SSL_renegotiate(ssl) <= 0) {
     printf("SSL_renegotiate() failed\n");
 }
 /* First handshake call */
 if ((err = SSL_do_handshake(ssl)) <= 0) {
     printf("SSL_do_handshake() 1 failed %d\n", SSL_get_error(ssl, err));
     ERR_print_errors_fp(stderr);
 }
 /* Force the accept state, then handshake again */
 ssl->state = SSL_ST_ACCEPT;
 printf("Accepted state %d\n", ssl->state);
 if ((err = SSL_do_handshake(ssl)) <= 0) {
     printf("SSL_do_handshake() failed %d %d\n", err, SSL_get_error(ssl, err));
     ERR_print_errors_fp(stderr);
 }
 
 
 
 The client side general behaviour is waiting on console to read data using
 SSL_write to send it to server. During this time if the server renegotiates and
 the client side sends any data from console by calling SSL_write, the
 rehandshake fails.
 
 Client side code writing data:
 
 ret = SSL_write(ssl, send_data, strlen(send_data));
 
 
 The following lines are printed at server side returning -1 from second
 SSL_do_handshake 
 
 3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:
 
 The following lines are printed at client side when it is reading using
 SSL_read which is returning -1 after it sends data to server
 
 3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10
 3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:
 
 On openssl.org the following is given for blocking sockets:
 
 If the underlying BIO is blocking, SSL_write() will only return, once the
 write operation has been finished or an error occurred, except when a
 renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
 
 How exactly does SSL_write behave at the client side when it receives an SSL
 renegotiation from the server? How can the rehandshake be successful in this
 case?
  
 

-- 
View this message in context: 
http://old.nabble.com/SSL-renegotiation-in-openssl-using-blocked-sockets-tp34005802p34017782.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


SSL renegotiation in openssl using blocked sockets

2012-06-13 Thread Pradeep A




This is regarding an openssl renegotiation issue in client server
communication. The openssl version is 1.0.1c.

The client and server are establishing the SSL connection using blocking
sockets and communication is fine. The client sends the data and the server
receives it and sends it back to the client.

When the server wants to do a renegotiation, it is done using SSL_renegotiate,
SSL_do_handshake, after that setting the SSL state as SSL_ST_ACCEPT.

   Server Code for renegotiation:

ssl_session_id_context = 1;
SSL_set_session_id_context(ssl, (unsigned char *)&ssl_session_id_context,
                           sizeof(ssl_session_id_context));
/* Request a renegotiation */
if (SSL_renegotiate(ssl) <= 0) {
    printf("SSL_renegotiate() failed\n");
}
/* First handshake call */
if ((err = SSL_do_handshake(ssl)) <= 0) {
    printf("SSL_do_handshake() 1 failed %d\n", SSL_get_error(ssl, err));
    ERR_print_errors_fp(stderr);
}
/* Force the accept state, then handshake again */
ssl->state = SSL_ST_ACCEPT;
printf("Accepted state %d\n", ssl->state);
if ((err = SSL_do_handshake(ssl)) <= 0) {
    printf("SSL_do_handshake() failed %d %d\n", err, SSL_get_error(ssl, err));
    ERR_print_errors_fp(stderr);
}



The client side general behaviour is waiting on console to read data using
SSL_write to send it to server. During this time if the server renegotiates and
the client side sends any data from console by calling SSL_write, the rehandshake
fails.

Client side code writing data:

ret = SSL_write(ssl, send_data, strlen(send_data));


The following lines are printed at server side returning -1 from second
SSL_do_handshake 

3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:

The following lines are printed at client side when it is reading using
SSL_read which is returning -1 after it sends data to server

3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10
3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:

On openssl.org the following is given for blocking sockets:

If the underlying BIO is blocking, SSL_write() will only return, once the
write operation has been finished or an error occurred, except when a
renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.

How exactly does SSL_write behave at the client side when it receives an SSL
renegotiation from the server? How can the rehandshake be successful in this
case?
 
-- 
View this message in context: 
http://old.nabble.com/SSL-renegotiation-in-openssl-using-blocked-sockets-tp34005802p34005802.html
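
The error lines quoted in the message above can be unpacked field by field. The following is an added example, not part of the original messages: it decodes the packed error code using the OpenSSL 1.0.x layout and treats SSL-library reasons at or above 1000 as alerts received from the peer. The names struct ossl_err, parse_ossl_err, LIB_SSL and ALERT_REASON_BASE are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* OpenSSL 1.0.x packs an error as 8 bits library, 12 bits function, 12 bits reason. */
#define LIB_SSL 20             /* value of ERR_LIB_SSL */
#define ALERT_REASON_BASE 1000 /* value of SSL_AD_REASON_OFFSET */

struct ossl_err {              /* hypothetical helper type */
    unsigned lib, func, reason;
    int peer_alert;            /* alert number received from the peer, -1 if raised locally */
    char file[32];
    int line;
};

/* Parse "<tid>:error:<hex>:<lib>:<func>:<reason text>:<file>:<line>:<data>"; 0 on success. */
int parse_ossl_err(const char *s, struct ossl_err *e)
{
    const char *p = strstr(s, ":error:");
    char *end;
    unsigned long code;
    int i;

    if (!p) return -1;
    code = strtoul(p + 7, &end, 16);
    if (end == p + 7 || *end != ':') return -1;
    e->lib = (code >> 24) & 0xff;
    e->func = (code >> 12) & 0xfff;
    e->reason = code & 0xfff;
    e->peer_alert = (e->lib == LIB_SSL && e->reason >= ALERT_REASON_BASE)
                        ? (int)(e->reason - ALERT_REASON_BASE) : -1;
    for (i = 0, p = end; i < 3; i++)   /* skip the three text fields */
        if (!(p = strchr(p + 1, ':'))) return -1;
    return sscanf(p + 1, "%31[^:]:%d", e->file, &e->line) == 2 ? 0 : -1;
}

int main(void)
{
    /* Constructed input: the three log lines from the post, with the mail wrapping undone. */
    const char *log[] = {
        "3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:",
        "3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10",
        "3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:",
    };
    struct ossl_err e;
    for (int i = 0; i < 3; i++)
        if (parse_ossl_err(log[i], &e) == 0)
            printf("%s:%d reason=%u %s\n", e.file, e.line, e.reason,
                   e.peer_alert >= 0 ? "alert received from peer" : "raised locally");
    return 0;
}
```

For the lines in the post, the server-side "unexpected record" decodes as raised locally, while the client's first error decodes as alert 10 received from the peer.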


some query

2004-11-18 Thread Pradeep mishra
I have a CSP (DLL) which supports PROV_RSA_FULL. I want to plug in my
CSP in the OPENSSL crypto engine.
Is it possible to write a wrapper on top of the CSP DLL and plug it in
with the Open SSL crypto engine?

Please provide some procedure and high level concept.
Thanks
Pradeep