I wrote:

> I'm using OpenSSL 1.0.0 (RPM openssl-1.0.0-20.el6.x86_64)
> on RedHat EL 6.2 and have the following repeatable problem:
>
> OpenSSL is used by PostgreSQL. After a certain number of
> bytes have been transferred, the database server renegotiates
> encryption. This usually works fine here.
>
> However, in a certain situation renegotiation fails.
> The server gets "unexpected record" and the client
> "sslv3 alert unexpected message".
>
> Both client and server use the same OpenSSL version,
> and they should both adhere to RFC 5746.
I researched some more, and found that during renegotiation the server expects a message of type SSL3_RT_HANDSHAKE, but gets SSL3_RT_APPLICATION_DATA, which causes the "unexpected record" message. The error on the client seems to be a consequence of that.

The code that does the renegotiation looks like this (simplified):

    /* schedule a renegotiation on this connection */
    if (SSL_renegotiate(ssl) <= 0)
    {
        /* error out */
    }
    /* server side: this pass sends the HelloRequest to the client */
    if (SSL_do_handshake(ssl) <= 0)
    {
        /* error out */
    }
    if (ssl->state != SSL_ST_OK)
    {
        /* error out */
    }
    /* force the accept state so the next call runs the server handshake
     * loop and waits for the client's ClientHello */
    ssl->state |= SSL_ST_ACCEPT;
    SSL_do_handshake(ssl);          <---- error happens here
    if (ssl->state != SSL_ST_OK)
    {
        /* error out */
    }

Is that code ok?
Is that an OpenSSL bug?
What could cause such behaviour?

Yours,
Laurenz Albe
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
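The symptom described in the post (the server's handshake loop receiving an SSL3_RT_APPLICATION_DATA record where it expects SSL3_RT_HANDSHAKE) is what a record-type race between server-initiated renegotiation and client data already on the wire looks like. The following is an added model of that exchange, written for this page; it is not code from the original post, from OpenSSL or from PostgreSQL. It assumes, as constructed input, that the client has queries in flight when the HelloRequest goes out, and it contrasts a server that treats such records as fatal with one that keeps delivering them until the ClientHello arrives, which is what RFC 5246 section 7.4.1.1 anticipates ("it is expected that the negotiation will begin before no more than a few records are received from the client"). Record-type values are the real ones; everything else (class names, return strings) is invented for the model.

```python
# Constructed model (not OpenSSL or PostgreSQL code) of the record-type race
# that can occur when a TLS server initiates renegotiation while the client
# still has application data in flight.

from collections import deque

# TLS record content types (values as in RFC 5246 and OpenSSL's ssl3.h)
SSL3_RT_HANDSHAKE = 22
SSL3_RT_APPLICATION_DATA = 23

# Handshake message types used by the model (HelloRequest = 0, ClientHello = 1)
HELLO_REQUEST = 0
CLIENT_HELLO = 1


class UnexpectedRecord(Exception):
    """Raised where OpenSSL would report SSL_R_UNEXPECTED_RECORD."""


class Server:
    """Server side: initiates renegotiation, then waits for a ClientHello."""

    def __init__(self, tolerate_app_data):
        # True: application-data records arriving before the ClientHello are
        # delivered to the application; False: they are treated as fatal.
        self.tolerate_app_data = tolerate_app_data
        self.awaiting_client_hello = False
        self.app_data = []

    def start_renegotiation(self, to_client):
        to_client.append((SSL3_RT_HANDSHAKE, HELLO_REQUEST))
        # Models the post's "ssl->state |= SSL_ST_ACCEPT; SSL_do_handshake()":
        # from here on the handshake loop wants handshake records only.
        self.awaiting_client_hello = True

    def receive(self, rec_type, payload):
        if self.awaiting_client_hello:
            if rec_type == SSL3_RT_HANDSHAKE and payload == CLIENT_HELLO:
                self.awaiting_client_hello = False  # handshake proceeds from here
                return "renegotiation started"
            if rec_type == SSL3_RT_APPLICATION_DATA and self.tolerate_app_data:
                self.app_data.append(payload)
                return "app data delivered"
            raise UnexpectedRecord(
                f"expected handshake record, got type {rec_type}")
        if rec_type == SSL3_RT_APPLICATION_DATA:
            self.app_data.append(payload)
            return "app data delivered"
        raise UnexpectedRecord(f"unexpected record type {rec_type}")


class Client:
    """Client side: sends queries; answers a HelloRequest with a ClientHello."""

    def receive(self, rec_type, payload, to_server):
        if rec_type == SSL3_RT_HANDSHAKE and payload == HELLO_REQUEST:
            to_server.append((SSL3_RT_HANDSHAKE, CLIENT_HELLO))
            return "sent ClientHello"
        return "ignored"


def simulate(tolerate_app_data, in_flight_queries):
    """Run the exchange; return (server outcome, app data the server delivered)."""
    to_server, to_client = deque(), deque()
    server, client = Server(tolerate_app_data), Client()

    # Constructed input: queries the client wrote before the server decided
    # to renegotiate, so they sit on the wire ahead of any ClientHello.
    for query in in_flight_queries:
        to_server.append((SSL3_RT_APPLICATION_DATA, query))

    server.start_renegotiation(to_client)

    try:
        # The server drains its input first: in-flight data precedes the ClientHello.
        while to_server:
            server.receive(*to_server.popleft())
        # Only now does the client see the HelloRequest and respond.
        while to_client:
            client.receive(*to_client.popleft(), to_server)
        outcome = None
        while to_server:
            outcome = server.receive(*to_server.popleft())
        return outcome, server.app_data
    except UnexpectedRecord as err:
        return f"unexpected record: {err}", server.app_data


if __name__ == "__main__":
    queries = [b"SELECT 1", b"SELECT 2"]
    print("strict server, data in flight:  ", simulate(False, queries)[0])
    print("tolerant server, data in flight:", simulate(True, queries)[0])
    print("strict server, idle client:     ", simulate(False, [])[0])
```

The strict run reproduces the server-side "unexpected record" the post reports as soon as one application-data record is on the wire, while an idle client renegotiates cleanly either way, which matches a failure that shows up only "in a certain situation". What to check against this model in a real OpenSSL 1.0.0 server is which call pulls records after the HelloRequest has been sent: a handshake-only call has no consumer for application data that the client wrote before it saw the HelloRequest, whereas the normal read path does.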