Ok, so it's kind of working now.

Kinda, because after a do_handshake, any read on the server returns -1, but if you ignore this one and continue, subsequent reads work. And data transfer works and is back to normal with the new session. Any reason why the read would fail? Are there any settings that I could use on the SSL_CTX that might be helpful? Or is there an alternative way to handle this:
1) the read would block till renegotiation successfully completes.
2) I don't know, maybe read returns zero.
I don't have access to the server code so possibly can't change the way the read is performed.

Again, any insights would be appreciated.

Thanks
Kunal

From: [EMAIL PROTECTED]
To: openssl-users@openssl.org
Subject: SSL_renegotiate and SSL_do_handshake
Date: Thu, 29 Nov 2007 13:11:04 -0800

Hi,

I have a client that connects to a server for a long duration of time, and I'm trying to refresh the session keys. From what I have read, for OpenSSL 0.9.7 and up the steps to do so are pretty simple:

SSL_renegotiate(SSL *)
SSL_do_handshake(SSL *)

and then, to confirm, call SSL_renegotiate_pending to check the status. The problem I'm seeing is that I don't see SSL_renegotiate_pending returning 0 to indicate that renegotiation completed. I'm using OpenSSL 0.9.7, and SSL_get_version returns TLSv1, which I think is fine.

Q1) By the way, I'm making this call from the client. Should this matter?
Q2) Is there anything else that I need to do, or am I missing something?

Any insights would be appreciated.
-Kunal

Here is the client code snippet:

// Headers and externals needed to compile this snippet; mySSL and
// SendDataToServer() are defined elsewhere in the client program.
#include <stdio.h>
#include <time.h>
#include <openssl/bio.h>
#include <openssl/ssl.h>

extern SSL *mySSL;
void SendDataToServer(void);

void run()
{
    time_t lastRenewTime;
    time_t currentTime;
    time(&lastRenewTime);
    BIO *out = BIO_new_fp(stdout, BIO_NOCLOSE);
    printf("SSL/TLS version : %s \n", SSL_get_version(mySSL));
    SSL_SESSION *session = SSL_get_session(mySSL);
    printf("session A\n");
    SSL_SESSION_print(out, session);
    while (1) {
        time(&currentTime);
        if ((currentTime - lastRenewTime) > 10) {
            printf("renegotiating ...\n");
            SSL_renegotiate(mySSL);
            int pending = SSL_renegotiate_pending(mySSL);
            int handShake = SSL_do_handshake(mySSL);
            int timeout = 20000;
            printf("do_handshake %d\n", handShake);
            do {
                timeout--;
                // I think the actual renegotiate request would only go to the server whenever data is sent. Right?
                SendDataToServer();
                SSL_do_handshake(mySSL);
            } while (pending && SSL_renegotiate_pending(mySSL) && timeout > 0);
            SSL_SESSION *newSession = SSL_get_session(mySSL);
            printf("session compare %d\n", SSL_SESSION_cmp(session, newSession));
            if (!newSession) {
                printf("session B \n");
                SSL_SESSION_print(out, session);
            }
            printf("timeout %d\n", timeout);
            if (timeout <= 0) {
                printf("ERROR in refreshing keys\n");
            }
            // restart the renewal interval so we don't renegotiate on every loop iteration
            lastRenewTime = currentTime;
        }
        // read from and write to server.
    }
}