Bodo Moeller <[EMAIL PROTECTED]>:
> Andy Schneider <[EMAIL PROTECTED]>:
>> I applied the patch and it has allowed me to perform a handshake even
>> when there are writes in-flight. [...]
> Please try the following patch instead. This should remove the cause
> of the problem.
Eric noticed that this mishandles session statistics and unnecessarily
calls the handshake callback. Here's a new version of the patch.
(We do call the handshake callback with SSL_CB_HANDSHAKE_START before
sending a HelloRequest, but SSL_CB_HANDSHAKE_DONE is probably wrong
if there was no actual handshake.)
Index: s3_srvr.c
===================================================================
RCS file: /usr/local/openssl/cvs/openssl/ssl/s3_srvr.c,v
retrieving revision 1.49.2.6
diff -u -u -r1.49.2.6 s3_srvr.c
--- s3_srvr.c 2001/09/20 21:36:39 1.49.2.6
+++ s3_srvr.c 2001/09/21 06:51:22
@@ -167,6 +167,7 @@
long num1;
int ret= -1;
int new_state,state,skip=0;
+ int got_new_session=0;
RAND_add(&Time,sizeof(Time),0);
ERR_clear_error();
@@ -270,9 +271,7 @@
case SSL3_ST_SW_HELLO_REQ_C:
s->state=SSL_ST_OK;
- ret=1;
- goto end;
- /* break; */
+ break;
case SSL3_ST_SR_CLNT_HELLO_A:
case SSL3_ST_SR_CLNT_HELLO_B:
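Review bot: The bare `break;` that replaces `ret=1; goto end;` in the SSL3_ST_SW_HELLO_REQ_C case needs a comment, because nothing at this spot says that leaving the switch with s->state=SSL_ST_OK is deliberate and that the next pass is expected to land in the SSL_ST_OK case for the shared cleanup. The removed `/* break; */` suggests the early return used to be the intended behaviour, so a one-line note here (for example that the HelloRequest path now finishes through SSL_ST_OK and is distinguished there by got_new_session) would stop a later reader from "restoring" the goto.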
@@ -281,6 +280,7 @@
s->shutdown=0;
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
+ got_new_session=1;
s->state=SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
break;
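Review bot: The name got_new_session, set here after every successful ssl3_get_client_hello(), does not match what the flag records; the later hunk itself comments "actually not necessarily a 'new' session". The flag really means that a ClientHello was processed in this call, as opposed to only a HelloRequest being sent. Consider a name that says so, or at least a comment at the declaration `int got_new_session=0;` stating that meaning, since the SSL_ST_OK bookkeeping is gated on it.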
@@ -511,18 +511,23 @@
/* remove buffering on output */
ssl_free_wbio_buffer(s);
- s->new_session=0;
s->init_num=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=ssl3_accept;
- ret=1;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+ if (got_new_session) /* skipped if we just sent a HelloRequest
+*/
+ {
+ /* actually not necessarily a 'new' session */
+
+ s->new_session=0;
+
+ ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+
+ s->ctx->stats.sess_accept_good++;
+ /* s->server=1; */
+ s->handshake_func=ssl3_accept;
+ if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+ }
+
goto end;
/* break; */
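Review bot: The removed `ret=1;` is not restored anywhere in the added lines, so the SSL_ST_OK case now reaches `goto end;` without assigning ret. With `int ret= -1;` as the initial value and the HelloRequest case now arriving here through `break;` instead of setting `ret=1` itself, the return value on that path depends on whatever assigned ret last in code outside this diff. Unless that is intended, put `ret=1;` after the closing brace of the `if (got_new_session)` block, just before `goto end;`, so both the full-handshake and the HelloRequest-only paths return success explicitly. Separately, the comment on the `if (got_new_session)` line has been wrapped by the mailer, leaving `*/` alone on the next `+` line; the patch should be resent unwrapped or with a shorter comment so it applies as written.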
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]