On Mon, Jan 27, 2003 at 03:21:45PM -0000, Nigel Spowage wrote:

> okay, so the proper way to renegotiate a connection is :
>
> 1 - call SSL_renegotiate()
> 2 - call SSL_do_handshake()
> 3 - wait for either
> 3a- SSL_renegotiate_pending() to return 0, or
> 3b- an acceptable amount of time (which means renegotiation has failed)
> 4 - call SSL_renegotiate()
> 5 - call SSL_do_handshake()
>
> is that right ?

SSL_renegotiate() will just set internal flags that tell SSL_do_handshake() to renegotiate, so you will not have to call SSL_renegotiate multiple times; but you may have to repeat the calls to SSL_do_handshake(), which does the actual work. Use SSL_get_error() (as described on its manpage) to find out when SSL_do_handshake() has finished.

You do not have to check the return value of SSL_renegotiate_pending() unless you want to be really sure that an actual renegotiation has taken place -- in some cases, if one party requests a renegotiation, the other party can simply ignore this request. (If SSL_renegotiate_pending() returns non-zero, this does not necessarily mean that calling SSL_do_handshake() again will accomplish anything; maybe you're done and the question is just whether the other party will comply with the request for renegotiation.)

--
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]