Hi, 
I have an OpenSSL-based TLS server to which a Java JSSE (Java Secure Socket 
Extension) client connects.
After a few exchanges the server tries to renegotiate; 
here's some sample code

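    /*
     * Accept the TLS connection, then echo "Request :N" messages back as
     * "Response :N". After every request whose N is a non-zero multiple of 5
     * the server asks the client to renegotiate and prints the session before
     * and after.
     */
    ret = SSL_accept(ssl);
    CHK_SSL_ERR(ret);

    char buffer[256];
    int count = 0;

    static BIO *out = BIO_new_fp(stdout, BIO_NOCLOSE);

    /*
     * NOTE(review): SSL_get_session() does not take a reference on the
     * session it returns, so this pointer may no longer be valid once a
     * renegotiation has installed a new session. SSL_get1_session(), paired
     * with SSL_SESSION_free(), would pin it -- confirm before trusting the
     * comparison printed further down.
     */
    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_print(out, session);

    while (true)
    {
        /*
         * The peer controls how many bytes arrive. Reading at most
         * sizeof(buffer) - 1 bytes into a zeroed buffer guarantees a
         * terminating NUL, so sscanf() and printf("%s") below cannot run
         * past the end of the array.
         */
        memset(buffer, 0, sizeof(buffer));
        if (retryRead(ssl, buffer, (int)(sizeof(buffer) - 1)) <= 0)
        {
            printf("Error reading response\n");
            /* retryRead() only fails on a fatal error; retrying would spin forever. */
            break;
        }

        /* An unparseable request must not reuse the previous counter value. */
        if (sscanf(buffer, "Request :%d", &count) != 1)
        {
            count = 0;
        }
        printf(">'%s'\n", buffer);

        memset(buffer, 0x00, sizeof(buffer));
        snprintf(buffer, sizeof(buffer), "Response :%d", count);

        if (retryWrite(ssl, buffer, (int)strlen(buffer)) <= 0)
        {
            printf("ERROR writing response\n");
            /* Same reasoning as for the read: the connection is no longer usable. */
            break;
        }

        if (count != 0 && count % 5 == 0)
        {
            /* Schedule a renegotiation; the following handshake call starts it. */
            if (SSL_renegotiate(ssl) <= 0)
            {
                printf("ERROR scheduling renegotiation\n");
            }

            int handShake = SSL_do_handshake(ssl);
            printf("do_handshake %d\n", handShake);

            /*
             * 'timeout' is an iteration budget, not a duration.
             * NOTE(review): nothing in this loop waits for the peer, so the
             * budget can be used up before the client's handshake messages
             * have arrived; presumably the handshake then continues inside
             * the next SSL_read() -- confirm against the OpenSSL version used.
             */
            int timeout = 200;

            do {
                timeout--;
                handShake = SSL_do_handshake(ssl);
                if (handShake <= 0)
                {
                    int err = SSL_get_error(ssl, handShake);
                    if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
                    {
                        /* A hard failure will not clear by calling again. */
                        printf("ERROR in do_handshake %d\n", err);
                        break;
                    }
                }
            }
            while (SSL_renegotiate_pending(ssl) && timeout > 0);

            SSL_SESSION *newSession = SSL_get_session(ssl);

            if (newSession)
            {
                printf("Session B\n");
                SSL_SESSION_print(out, newSession);
            }

            /* Compare only when both pointers are non-NULL. */
            if (session && newSession)
            {
                printf("session compare %d\n", SSL_SESSION_cmp(session, newSession));
            }

            printf("timeout %d\n", timeout);

            if (timeout <= 0)
            {
                printf("ERROR in refreshing keys\n");
            }
        }
    }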


/*
 * Send pSize bytes from pBuffer over pSSL, calling SSL_write() again with the
 * same arguments for as long as it reports SSL_ERROR_WANT_READ or
 * SSL_ERROR_WANT_WRITE.
 *
 * Returns the positive SSL_write() result on success. On any other error it
 * prints the SSL_get_error() code and returns -1.
 *
 * NOTE(review): the retry does not wait for the socket to become ready, so on
 * a non-blocking socket this loop spins. When the code is SSL_ERROR_SSL the
 * cause is on the OpenSSL error queue; dumping it (e.g. with
 * ERR_print_errors_fp) would show what went wrong.
 */
int retryWrite(SSL *pSSL, char *pBuffer, int pSize)
{
    int written;

    for (written = SSL_write(pSSL, pBuffer, pSize);
         written <= 0;
         written = SSL_write(pSSL, pBuffer, pSize))
    {
        int reason = SSL_get_error(pSSL, written);

        /* Only the two "try again" conditions are retried. */
        if (reason != SSL_ERROR_WANT_READ && reason != SSL_ERROR_WANT_WRITE)
        {
            printf("ERROR in RetryWrite %d\n", reason);
            return -1;
        }
    }

    return written;
}


/*
 * Read up to pSize bytes from pSSL into pBuffer, calling SSL_read() again for
 * as long as it reports SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
 *
 * Returns the positive SSL_read() result (number of bytes stored) on success.
 * On any other error it prints the SSL_get_error() code and returns -1.
 *
 * The bytes are stored as received and no terminator is appended; a caller
 * that treats pBuffer as a C string must leave room for the NUL and add it.
 *
 * NOTE(review): the retry does not wait for the socket to become ready, so on
 * a non-blocking socket this loop spins. When the code is SSL_ERROR_SSL the
 * cause is on the OpenSSL error queue; dumping it (e.g. with
 * ERR_print_errors_fp) would show what went wrong.
 */
int retryRead(SSL *pSSL, char *pBuffer, int pSize)
{
    int received = SSL_read(pSSL, pBuffer, pSize);

    while (received <= 0)
    {
        int reason = SSL_get_error(pSSL, received);
        int retryable = (reason == SSL_ERROR_WANT_READ ||
                         reason == SSL_ERROR_WANT_WRITE);

        if (!retryable)
        {
            printf("ERROR in retryRead %d\n", reason);
            return -1;
        }

        received = SSL_read(pSSL, pBuffer, pSize);
    }

    return received;
}

The OpenSSL TLS server gets an error at the time of the read. 
After looking in the OpenSSL sources, the error is SSL_ERROR_SSL, defined in 
ssl.h.

I'm wondering if anyone else has run into this kind of problem with a Java client 
connecting. 
The refresh works if an OpenSSL client connects, but not with a Java SSL one.
By the way, I'm using Java:
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01)
Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode)

openssl 0.9.8

Is this a limitation of the Java implementation of TLS? 
Is there a possible workaround? 

As always any insights would be appreciated.

-Kunal 
 