* Graham Leggett:

> Is there a way to know whether the initial handshake has arrived fully?

I think you can abort the handshake from within the server name callback with a suitable return value, so this does not really matter. You just have to make sure the alert is never sent to the client, and that you can feed all data processed by OpenSSL to the real server.

> Should I just call SSL_read() over and over until the point at which
> it wants to write data, and go “initial handshake is done”?

This would work. Calling SSL_do_handshake() seems more explicit, though.

To be honest, I'm not sure if it is a good idea to graft this on top of OpenSSL. On the other hand, it's likely that successful processing of Client Hellos needs some undocumented magic (to account for misbehaving clients), so it's not just a matter of reimplementing what's described in the TLS 1.2 RFC. (The wire format itself is pretty simple.)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
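
An added example, not part of the message above and not OpenSSL code: a bounds-checked reader for the ClientHello wire format that both answers "has the hello arrived fully?" (`SNI_MORE`) and pulls out the server name without OpenSSL. The names `peek_sni`, `SNI_*` and `sample_hello` are hypothetical; it assumes the whole ClientHello sits in one TLS record and contains none of the tolerance for misbehaving clients that the reply warns about.

```c
#include <stddef.h>
#include <string.h>
/* Constructed sample: one TLS record holding a ClientHello with SNI "example.com". */
static const unsigned char sample_hello[] = {
    0x16,0x03,0x01,0x00,0x43, 0x01,0x00,0x00,0x3f, 0x03,0x03,        /* record hdr, hs hdr, version */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* random (zeroed) */
    0x00, 0x00,0x02,0xc0,0x2f, 0x01,0x00, 0x00,0x14,                 /* sid, suites, compression, ext len */
    0x00,0x00,0x00,0x10,0x00,0x0e,0x00,0x00,0x0b,                    /* server_name ext, list, host_name */
    'e','x','a','m','p','l','e','.','c','o','m' };
enum { SNI_NONE = 0, SNI_BAD = -1, SNI_MORE = -2 };
static size_t rd16(const unsigned char *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Returns the name length (> 0), SNI_NONE, SNI_BAD, or SNI_MORE when the record is incomplete. */
int peek_sni(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    if (len < 5) return SNI_MORE;                         /* record header not here yet */
    if (buf[0] != 0x16 || buf[1] != 0x03) return SNI_BAD; /* not a TLS handshake record */
    size_t rec = rd16(buf + 3);
    if (len < 5 + rec) return SNI_MORE;                   /* keep buffering */
    const unsigned char *p = buf + 5, *end = p + rec;
    if (rec < 4 || p[0] != 0x01) return SNI_BAD;          /* must be a ClientHello */
    size_t n = ((size_t)p[1] << 16) | rd16(p + 2); p += 4; /* handshake body length */
    if (n > (size_t)(end - p) || n < 35) return SNI_BAD;  /* hello split across records: not handled */
    end = p + n; p += 34;                                 /* skip version + random */
    n = *p++;                                             /* session id length */
    if ((size_t)(end - p) < n + 2) return SNI_BAD;
    p += n; n = rd16(p); p += 2;                          /* cipher suites length */
    if ((size_t)(end - p) < n + 1) return SNI_BAD;
    p += n; n = *p++;                                     /* compression methods length */
    if ((size_t)(end - p) < n) return SNI_BAD;
    p += n;
    if (p == end) return SNI_NONE;                        /* no extensions block */
    if (end - p < 2 || rd16(p) > (size_t)(end - p - 2)) return SNI_BAD;
    end = p + 2 + rd16(p); p += 2;
    while (end - p >= 4) {
        size_t type = rd16(p), elen = rd16(p + 2);
        p += 4;
        if ((size_t)(end - p) < elen) return SNI_BAD;
        if (type == 0) {                                  /* server_name: list(2) type(1) len(2) name */
            if (elen < 5 || p[2] != 0) return SNI_BAD;
            n = rd16(p + 3);
            if (!n || n + 5 > elen || n >= outsz || memchr(p + 5, 0, n)) return SNI_BAD;
            memcpy(out, p + 5, n); out[n] = '\0'; return (int)n;
        }
        p += elen;
    }
    return SNI_NONE;
}
/* Exit status 0 when the constructed sample parses. */
int main(void) { char h[256]; return peek_sni(sample_hello, sizeof sample_hello, h, sizeof h) > 0 ? 0 : 1; }
```

Because the function only reads the buffer, the same bytes can still be forwarded unchanged to the real server once a routing decision is made.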