Hey, this is on fedora 23, though I built openssl 1.0.1k (since it is the version supported on rhel 6) These are the specific test cases that are failing with openssl for us: https://git.gnome.org/browse/glib-networking/tree/tls/tests/connection.c?h=wip/openssl#n1948 https://git.gnome.org/browse/glib-networking/tree/tls/tests/connection.c?h=wip/openssl#n1950 And here is where the second handshake happens: https://git.gnome.org/browse/glib-networking/tree/tls/tests/connection.c?h=wip/openssl#n389 FWIW we are using our own bio: https://git.gnome.org/browse/glib-networking/tree/tls/openssl/gtlsbio.c?h=wip/openssl I can try to get you the pcap packet trace. About " You would normally expect to get an SSL_ERROR_WANT_READ on the client side when the server sends the HelloRequest." Yes this is what I would have expected as well. Cheers. On Fri, Nov 13, 2015 at 11:08 AM, Matt Caswell <matt at openssl.org> wrote: > > > On 13/11/15 08:37, Ignacio Casal wrote: > > Hey guys, > > > > I am having a specific problem that I do not seem to find a solution for. > > > > - I have a server and a client that handshake properly > > - the server will read from the client and the client from the server a > > few bytes > > - the client will try to read again > > - the server will try to handshake again by calling SSL_renegotiate and > > SSL_do_handshake. I get no errors in these calls. > > - then I would expect the client to exit from the read call with an > > error saying that needs to handshake again, instead it stays blocked on > > the read until the server sends some data. But then I get an error > > server side that there was no proper handshaking. > > > > Do you know how to get a notification client side that the client needs > > to handshake again when blocked on a read or write? > > Which OpenSSL version/platform are you using? Can you get a pcap packet > trace and post the specific errors that you are receiving? > > You would normally expect to get an SSL_ERROR_WANT_READ on the client > side when the server sends the HelloRequest. > > Matt > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- Ignacio Casal Quinteiro -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151113/2a9658b4/attachment.html>
