Hi,

The client and server that I have in my project run in a simple one-socket, blocking-mode environment. The model is that of a typical producer-consumer one. The client produces data and sends it to the server. The server consumes it. Once in a while, the server sends a control message to the client, which the client periodically receives. Below is a simplified version of the client and server after enabling them for SSL/TLS communication.

      1 Client:
      2 -------
      3 while (true)
      4 {
      5         if (poll(pollin, timeout=0) || 0 < SSL_pending(ssl))
      6         {
      7                 SSL_read();
      8                 // Handle WANT_READ or WANT_WRITE appropriately.
      9                 // If no error, handle the received control message.
     10         }
     11         // produce data.
     12         while (!poll(pollout))
     13                 ;       // Wait until the TCP/IP pipe is ready for a send().
     14         SSL_write();
     15         // Handle WANT_READ or WANT_WRITE appropriately.
     16         if (time to renegotiate)
     17                 SSL_renegotiate(ssl);
     18 }
     19
     20 Server:
     21 -------
     22 while (true)
     23 {
     24         if (poll(pollin, timeout=1s) || 0 < SSL_pending(ssl))
     25         {
     26                 SSL_read();
     27                 // Handle WANT_READ or WANT_WRITE appropriately.
     28                 // If no error, consume data.
     29         }
     30         if (control message needs to be sent)
     31         {
     32                 while (!poll(pollout))
     33                         ;       // Wait until the TCP/IP pipe is ready for a send().
     34                 SSL_write();
     35                 // Handle WANT_READ or WANT_WRITE appropriately.
     36         }
     37 }

The trouble happens when I force, for testing purposes, SSL/TLS renegotiation by calling SSL_renegotiate() once in a while on the client (lines 16-17). I don't do any follow-up SSL_do_handshake as I assume the subsequent SSL_write/SSL_read will take care of it automatically.

The session starts off nice and easy. A few messages are transmitted and in fact, a few forced SSL/TLS renegotiations happen successfully as well. But, sometime later, I get an SSL_ERROR_SSL from SSL_write on the client and SSL_ERROR_SSL from SSL_read on the server. Below are the error details:

Client:
-------
error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record

Server:
-------
error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message

What am I doing wrong? Is there anything that needs to be taken care of when handling SSL/TLS renegotiations in cases where bidirectional socket communication is used?

Any help is appreciated.

Thanks,
Karthik.
