Re: SSL renegotiation in openssl using blocked sockets
Can anybody help in this?

Pradeep A wrote:
> This is regarding an openssl renegotiation issue in client/server communication. The openssl version is 1.0.1c. The client and server establish the SSL connection using blocking sockets and communication is fine: the client sends data, and the server receives it and sends it back to the client. When the server wants to renegotiate, it does so using SSL_renegotiate and SSL_do_handshake, and after that sets the SSL state to SSL_ST_ACCEPT.
>
> Server code for renegotiation:
>
>     ssl_session_id_context = 1;
>     SSL_set_session_id_context(ssl, (unsigned char *)&ssl_session_id_context,
>                                sizeof(ssl_session_id_context));
>     /* Request renegotiation; this SSL_do_handshake() sends the HelloRequest. */
>     if (SSL_renegotiate(ssl) <= 0) {
>         printf("SSL_renegotiate() failed\n");
>     }
>     if ((err = SSL_do_handshake(ssl)) <= 0) {
>         printf("SSL_do_handshake() 1 failed %d\n", SSL_get_error(ssl, err));
>         ERR_print_errors_fp(stderr);
>     }
>     /* Force the accept state machine and run the rehandshake to completion. */
>     ssl->state = SSL_ST_ACCEPT;
>     printf("Accepted state %d\n", ssl->state);
>     if ((err = SSL_do_handshake(ssl)) <= 0) {
>         printf("SSL_do_handshake() failed %d %d\n", err, SSL_get_error(ssl, err));
>         ERR_print_errors_fp(stderr);
>     }
>
> The client side's general behaviour is to wait on the console for data and send it to the server using SSL_write. During this time, if the server renegotiates and the client side sends any data from the console by calling SSL_write, the rehandshake fails.
>
> Client side code writing data:
>
>     ret = SSL_write(ssl, send_data, strlen(send_data));
>
> The following lines are printed at the server side, returning -1 from the second SSL_do_handshake:
>
>     3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:
>
> The following lines are printed at the client side when it is reading using SSL_read, which returns -1 after it sends data to the server:
>
>     3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10
>     3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:
>
> On openssl.org, the following is given for blocking sockets: "If the underlying BIO is blocking, SSL_write() will only return, once the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur."
>
> How exactly does SSL_write behave at the client side when it receives an SSL renegotiation from the server? How can the rehandshake be successful in this case?

--
View this message in context: http://old.nabble.com/SSL-renegotiation-in-openssl-using-blocked-sockets-tp34005802p34017782.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.

__
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
SSL renegotiation in openssl using blocked sockets
This is regarding an openssl renegotiation issue in client/server communication. The openssl version is 1.0.1c. The client and server establish the SSL connection using blocking sockets and communication is fine: the client sends data, and the server receives it and sends it back to the client. When the server wants to renegotiate, it does so using SSL_renegotiate and SSL_do_handshake, and after that sets the SSL state to SSL_ST_ACCEPT.

Server code for renegotiation:

    ssl_session_id_context = 1;
    SSL_set_session_id_context(ssl, (unsigned char *)&ssl_session_id_context,
                               sizeof(ssl_session_id_context));
    /* Request renegotiation; this SSL_do_handshake() sends the HelloRequest. */
    if (SSL_renegotiate(ssl) <= 0) {
        printf("SSL_renegotiate() failed\n");
    }
    if ((err = SSL_do_handshake(ssl)) <= 0) {
        printf("SSL_do_handshake() 1 failed %d\n", SSL_get_error(ssl, err));
        ERR_print_errors_fp(stderr);
    }
    /* Force the accept state machine and run the rehandshake to completion. */
    ssl->state = SSL_ST_ACCEPT;
    printf("Accepted state %d\n", ssl->state);
    if ((err = SSL_do_handshake(ssl)) <= 0) {
        printf("SSL_do_handshake() failed %d %d\n", err, SSL_get_error(ssl, err));
        ERR_print_errors_fp(stderr);
    }

The client side's general behaviour is to wait on the console for data and send it to the server using SSL_write. During this time, if the server renegotiates and the client side sends any data from the console by calling SSL_write, the rehandshake fails.

Client side code writing data:

    ret = SSL_write(ssl, send_data, strlen(send_data));

The following lines are printed at the server side, returning -1 from the second SSL_do_handshake:

    3086063264:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:s3_pkt.c:1404:

The following lines are printed at the client side when it is reading using SSL_read, which returns -1 after it sends data to the server:

    3086079648:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1251:SSL alert number 10
    3086079648:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:1151:

On openssl.org, the following is given for blocking sockets: "If the underlying BIO is blocking, SSL_write() will only return, once the write operation has been finished or an error occurred, except when a renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur."

How exactly does SSL_write behave at the client side when it receives an SSL renegotiation from the server? How can the rehandshake be successful in this case?

--
View this message in context: http://old.nabble.com/SSL-renegotiation-in-openssl-using-blocked-sockets-tp34005802p34005802.html
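The failure the post describes is a race on the wire, and the two error strings quoted above come from the same place: ssl3_read_bytes() in s3_pkt.c raises SSL_R_UNEXPECTED_RECORD when the handshake state machine asked for handshake bytes but the next record is application_data, and the alert it sends for that is number 10 (unexpected_message), which is what the client then reports. After the server has sent HelloRequest, a client that is blocked on the console does not see it until its next SSL_read; if the user types a line first, SSL_write puts an application_data record on the wire ahead of the ClientHello. A server that has forced ssl->state = SSL_ST_ACCEPT and called SSL_do_handshake directly accepts handshake records only at that point, so the application_data record is fatal; a server that stays in its ordinary SSL_read loop instead gets the application data delivered, and the ClientHello, when it arrives, starts the renegotiation from inside SSL_read (completion can be checked with SSL_renegotiate_pending()). The following is an added, stand-alone model of that record-layer view written for this page; it is not code from the post or from OpenSSL. Record and handshake framing follow RFC 5246, the two server behaviours are a model of the two ways of driving the handshake rather than OpenSSL's actual state machine, and every byte string is a constructed sample.

```python
"""
Byte-level model of what a TLS server sees on the wire right after it has sent
HelloRequest.  Added illustration for this thread, not code from the post or
from OpenSSL: framing follows RFC 5246, the two server behaviours model the two
ways of driving the rehandshake, and all byte strings are constructed samples.
"""
import struct

# TLS record content types (RFC 5246, 6.2.1) and handshake types (7.4).
CT_HANDSHAKE = 22
CT_APPLICATION_DATA = 23
HT_CLIENT_HELLO = 1
# Alert description sent for an unexpected record type.
AD_UNEXPECTED_MESSAGE = 10
TLS1_2 = b"\x03\x03"


def record(content_type, payload, version=TLS1_2):
    """Wrap payload in a TLS record: 1-byte type, 2-byte version, 2-byte length."""
    return bytes([content_type]) + version + struct.pack("!H", len(payload)) + payload


def handshake_msg(msg_type, body):
    """Wrap body in a handshake header: 1-byte type, 3-byte length."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def parse_records(stream):
    """Split a raw byte stream into (content_type, payload) tuples."""
    records, i = [], 0
    while i < len(stream):
        if len(stream) - i < 5:
            raise ValueError("truncated record header")
        ctype = stream[i]
        (length,) = struct.unpack("!H", stream[i + 3:i + 5])
        payload = stream[i + 5:i + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body")
        records.append((ctype, payload))
        i += 5 + length
    return records


def server_after_hello_request(records, force_handshake):
    """
    Process the records that arrive after the server's HelloRequest.

    force_handshake=True models ssl->state = SSL_ST_ACCEPT followed by a direct
    SSL_do_handshake(): only handshake records are acceptable, so an
    application_data record arriving before the ClientHello is answered with
    alert 10 (unexpected_message) and the renegotiation fails.
    force_handshake=False models staying in the ordinary SSL_read() loop:
    application data is delivered to the caller, and the ClientHello, when it
    arrives, is what starts the renegotiation handshake.

    Returns (app_data_delivered, client_hello_body_or_None, alert_or_None).
    """
    delivered = []
    for ctype, payload in records:
        if ctype == CT_APPLICATION_DATA and not force_handshake:
            delivered.append(payload)
        elif ctype == CT_HANDSHAKE and payload and payload[0] == HT_CLIENT_HELLO:
            body_len = int.from_bytes(payload[1:4], "big")
            return b"".join(delivered), payload[4:4 + body_len], None
        else:
            # Anything else while a ClientHello is required is fatal.
            return b"".join(delivered), None, AD_UNEXPECTED_MESSAGE
    return b"".join(delivered), None, None


# Constructed ClientHello body: version, 32-byte random, empty session id,
# one cipher suite (TLS_RSA_WITH_AES_128_CBC_SHA), null compression only.
CLIENT_HELLO_BODY = TLS1_2 + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
CLIENT_HELLO_RECORD = record(CT_HANDSHAKE, handshake_msg(HT_CLIENT_HELLO, CLIENT_HELLO_BODY))

# The post's race: the client typed a line at the console (SSL_write emits an
# application_data record) before its SSL_read processed the HelloRequest and
# answered with ClientHello.  A "quiet" client answers with ClientHello first.
CHATTY_CLIENT = record(CT_APPLICATION_DATA, b"hello from console\n") + CLIENT_HELLO_RECORD
QUIET_CLIENT = CLIENT_HELLO_RECORD


def outcome(stream, force_handshake):
    """Run one client stream through one server behaviour."""
    return server_after_hello_request(parse_records(stream), force_handshake)


if __name__ == "__main__":
    for name, stream in (("quiet client", QUIET_CLIENT), ("chatty client", CHATTY_CLIENT)):
        for mode in (True, False):
            data, hello, alert = outcome(stream, mode)
            how = "forced SSL_do_handshake" if mode else "SSL_read loop"
            print(f"{name:13s} / {how:24s}: app data={data!r} ClientHello={hello is not None} alert={alert}")
```

Running it shows the asymmetry the post hits: with a quiet client both server behaviours reach the ClientHello, which is why the forced-state idiom works in simple tests, while with a client that writes first only the SSL_read-driven server survives, and the forced one emits alert 10 before ever seeing the ClientHello.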
Some query
I have a CSP (DLL) which supports PROV_RSA_FULL. I want to plug my CSP into the OpenSSL crypto engine. Is it possible to write a wrapper on top of the CSP DLL and plug it into the OpenSSL crypto engine? Please provide some procedure and a high-level concept.

Thanks
Pradeep