Hi,
I have a client that connects to a server for a long duration of time, 
and I'm trying to refresh the session keys. 

>From what I have read, for OpenSSL 0.9.7 and up the steps to do the same are 
>pretty simple.

SSL_renegotiate(SSL *)
SSL_do_handshake(SSL *)

and then, to confirm, call SSL_renegotiate_pending to check the status.

The problem I'm seeing is that I don't see SSL_renegotiate_pending 
returning 0 to indicate that 
renegotiation completed.
I'm using OpenSSL 0.9.7, and SSL_get_version returns TLSv1, which I think is 
fine.

Q1) By the way, I'm making this call from the client. Should this matter? 
Q2) Is there anything else that I need to do, or am I missing something?

Any insights would be appreciated.

-Kunal 


Here is the client code snippet: 

/* Headers and declarations assumed so the snippet compiles on its own: */
#include <stdio.h>
#include <time.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>

extern SSL *mySSL;              /* connected SSL object, set up elsewhere */
void SendDataToServer(void);    /* application write, defined elsewhere */

void run(void) {
    time_t lastRenewTime;
    time_t currentTime;

    time(&lastRenewTime);
    /* a static cannot be initialised with a function call in C, so do it lazily */
    static BIO *out = NULL;
    if (!out)
        out = BIO_new_fp(stdout, BIO_NOCLOSE);

    printf("SSL/TLS version : %s \n", SSL_get_version(mySSL));
    /* SSL_get1_session() takes a reference, so this pointer stays valid
       after a renegotiation replaces the session held by the SSL object */
    SSL_SESSION *session = SSL_get1_session(mySSL);

    printf("session A\n");
    SSL_SESSION_print(out, session);

    while (1)
    {
        time(&currentTime);

        if ((currentTime - lastRenewTime) > 10)
        {
            printf("renegotiating ...\n");
            SSL_renegotiate(mySSL);
            int pending = SSL_renegotiate_pending(mySSL);
            int handShake = SSL_do_handshake(mySSL);
            int timeout = 20000;

            printf("do_handshake %d\n", handShake);
            do {
                timeout--;
                // I think the actual renegotiate request would only go to the
                // server whenever data is sent. Right?
                SendDataToServer();
                SSL_do_handshake(mySSL);
            } while (pending && SSL_renegotiate_pending(mySSL) && timeout > 0);

            SSL_SESSION *newSession = SSL_get1_session(mySSL);
            if (newSession) {
                printf("session compare %d\n", SSL_SESSION_cmp(session, newSession));
                printf("session B \n");
                SSL_SESSION_print(out, newSession);
                SSL_SESSION_free(newSession);
            }

            printf("timeout %d\n", timeout);
            if (timeout <= 0)
            {
                printf("ERROR in refreshing keys\n");
            }
            /* restart the 10 second timer, otherwise every later iteration renegotiates */
            time(&lastRenewTime);
        }
        // read from and write to server.
    }
}

