Hi, I have an OpenSSL-based TLS server to which a Java JSSE (Java Secure Socket Extension) client connects. After a bit of exchange the server tries to renegotiate; here's a sample code:
ret = SSL_accept (ssl); CHK_SSL_ERR(ret); char buffer[256]; int count = 0; static BIO *out = BIO_new_fp(stdout,BIO_NOCLOSE); SSL_SESSION *session = SSL_get_session(ssl); SSL_SESSION_print(out, session); while(true) { memset(buffer, 0, sizeof(buffer)); if (retryRead(ssl, buffer, sizeof(buffer)) > 0) { sscanf(buffer, "Request :%d", &count); printf(">'%s'\n", buffer); memset(buffer, 0x00, sizeof(buffer)); sprintf(buffer, "Response :%d", count); if (retryWrite(ssl, buffer, strlen(buffer)) <= 0) { printf("ERROR writing response\n"); } if (count != 0 && count % 5 == 0) { SSL_renegotiate(ssl); int pending = SSL_renegotiate_pending(ssl); int handShake = SSL_do_handshake(ssl); int timeout = 200; printf("do_handshake %d\n", handShake); int renegCount = count + 1000; do { timeout--; SSL_do_handshake(ssl); /*memset(buffer, 0, sizeof(buffer)); sprintf(buffer, "renegotiating %d", renegCount++); Write(buffer, strSize); if (Read(buffer, strSize) != strSize) { printf("ERROR: unexpected read size\n"); } printf(">%s\n", buffer);*/ } while(SSL_renegotiate_pending(ssl) && timeout > 0); SSL_SESSION *newSession = SSL_get_session(ssl); if (newSession) { printf("Session B\n"); SSL_SESSION_print(out, newSession); } printf("session compare %d\n", SSL_SESSION_cmp(session, newSession)); printf("timeout %d\n", timeout); if (timeout <= 0) { printf("ERROR in refreshing keys\n"); } } memset(buffer, 0, sizeof(buffer)); } else { printf("Error reading response\n"); } } int retryWrite(SSL *pSSL, char *pBuffer, int pSize) { int ret = SSL_write(pSSL, pBuffer, pSize); while (ret <= 0) { int err = SSL_get_error(pSSL, ret); if (err == SSL_ERROR_WANT_READ) { ret = SSL_write(pSSL, pBuffer, pSize); } else if (err == SSL_ERROR_WANT_WRITE) { ret = SSL_write(pSSL, pBuffer, pSize); } else { printf("ERROR in RetryWrite %d\n", err); return -1; } } return ret; } int retryRead(SSL *pSSL, char *pBuffer, int pSize) { int ret = SSL_read(pSSL, pBuffer, pSize); while (ret <= 0) { int err = SSL_get_error(pSSL, ret); if 
(err == SSL_ERROR_WANT_READ) {
            ret = SSL_read(pSSL, pBuffer, pSize);
        } else if (err == SSL_ERROR_WANT_WRITE) {
            ret = SSL_read(pSSL, pBuffer, pSize);
        } else {
            //ret = SSL_read(pSSL, pBuffer, pSize);
            printf("ERROR in retryRead %d\n", err);
            return -1;
        }
    }
    return ret;
}

I (the OpenSSL TLS server) get an error at the time of the read. After looking in the OpenSSL sources, the error is SSL_ERROR_SSL, defined in ssl.h. I'm wondering if anyone else has run into this kind of problem with a Java client connecting. The refresh works if an OpenSSL client connects, but not with a Java SSL one. By the way, I'm using Java: java version "1.5.0_09" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01) Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode), and OpenSSL 0.9.8. Is this a limitation of the Java implementation of TLS? Is there a possible workaround? As always, any insights would be appreciated. -Kunal
_________________________________________________________________ Put your friends on the big screen with Windows Vista® + Windows Live™. http://www.microsoft.com/windows/shop/specialoffers.mspx?ocid=TXT_TAGLM_CPC_MediaCtr_bigscreen_102007