Hi,

I want to test inline renegotiation with openssl. My test code
creates an SSL server and an SSL client. Now I want the client to
unconditionally re-negotiate the channel after the handshake is successful.
What would the code look like for that? Currently, I have something along
the lines of (only important pieces shown... error handling removed):

SSL_Client {
    /* Create the initial channel */
    SSL_do_handshake(ctx->ssl);
    /* Schedule a renegotiation, then drive the new handshake */
    SSL_renegotiate(ctx->ssl);
    retVal = SSL_do_handshake(ctx->ssl);
}

Currently, the first channel gets established properly and re-negotiation
also starts properly, but on receiving the server hello message the client
errors out and sends a fatal error to the server.

Any suggestions on how to do this correctly?

Thanks,
Kunal

*Dec 7 17:45:31.735: Handshake start: before connect initialization
*Dec 7 17:45:31.735: SSL_connect:SSL renegotiate ciphers
*Dec 7 17:45:31.735: >>> TLS 1.0 Handshake [length 0031], ClientHello
*Dec 7 17:45:31.735: 01 00 00 2D 03 01 4C FE 72 BC B0 AB A1 72 09 3B
*Dec 7 17:45:31.735: 1B 76 7A D1 40 C8 A7 D3 8D 73 C2 2B 2D 61 FE B2
*Dec 7 17:45:31.735: 2D 11 11 1B 1B 40 00 00 06 00 02 00 04 00 2F 01
*Dec 7 17:45:31.735: 00
*Dec 7 17:45:31.735:
*Dec 7 17:45:31.735: SSL_connect:SSLv3 write client hello A
R1#
*Dec 7 17:45:33.727: >>> TLS 1.0 Alert [length 0002], fatal unexpected_message
*Dec 7 17:45:33.727: 02 0A
*Dec 7 17:45:33.727:
*Dec 7 17:45:33.727: SSL3 alert write:fatal:unexpected_message
*Dec 7 17:45:33.727: SSL_connect:error in SSLv3 read server hello A
*Dec 7 17:45:33.727: SSL handshake failed
*Dec 7 17:45:33.727: 0:error:140940F5:SSL routines:SSL3_READ_BYTES:unexpected record:../VIEW_ROOT/cisco.comp/pki_ssl/src/openssl/dist/ssl/s3_pkt.c:1262:
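
A decoder for the renegotiation ClientHello dumped in the log above, as an added example that is not part of the original post: it parses the logged bytes and reports whether the hello carries the RFC 5746 renegotiation signalling (the renegotiation_info extension, type 0xFF01, or the cipher suite value 0x00FF). The struct and function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ClientHello bytes copied from the log above (4-byte handshake header included). */
static const uint8_t client_hello[] = {
    0x01,0x00,0x00,0x2D,0x03,0x01,0x4C,0xFE,0x72,0xBC,0xB0,0xAB,0xA1,0x72,0x09,0x3B,
    0x1B,0x76,0x7A,0xD1,0x40,0xC8,0xA7,0xD3,0x8D,0x73,0xC2,0x2B,0x2D,0x61,0xFE,0xB2,
    0x2D,0x11,0x11,0x1B,0x1B,0x40,0x00,0x00,0x06,0x00,0x02,0x00,0x04,0x00,0x2F,0x01,
    0x00
};

/* Hypothetical names. has_scsv: suite 0x00FF seen; has_reneg_ext: extension 0xFF01 seen. */
struct hello_info { unsigned version, n_suites; int has_scsv, has_reneg_ext; };

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }
/* Returns 0 on success, -1 if the message is malformed or truncated. */
int parse_client_hello(const uint8_t *p, size_t len, struct hello_info *out)
{
    size_t off, n, i;
    if (len < 4 + 35 || p[0] != 0x01) return -1;       /* 0x01 = client_hello */
    if ((((size_t)p[1] << 16) | be16(p + 2)) != len - 4) return -1;
    *out = (struct hello_info){ (unsigned)be16(p + 4), 0, 0, 0 };
    off = 4 + 2 + 32;                      /* header, client_version, random */
    off += 1 + (size_t)p[off];             /* session_id */
    if (off + 2 > len) return -1;
    n = be16(p + off); off += 2;           /* cipher_suites byte length */
    if (n % 2 || off + n + 1 > len) return -1;
    for (i = 0; i < n; i += 2)
        if (be16(p + off + i) == 0x00FF) out->has_scsv = 1;
    out->n_suites = (unsigned)(n / 2); off += n;
    off += 1 + (size_t)p[off];             /* compression_methods */
    if (off == len) return 0;              /* hello ends here: no extensions block */
    if (off + 2 > len || off + 2 + be16(p + off) != len) return -1;
    for (off += 2; off + 4 <= len; off += 4 + n) {
        n = be16(p + off + 2);             /* extension_data length */
        if (off + 4 + n > len) return -1;
        if (be16(p + off) == 0xFF01) out->has_reneg_ext = 1;
    }
    return off == len ? 0 : -1;
}

int main(void) {
    struct hello_info h;
    if (parse_client_hello(client_hello, sizeof client_hello, &h)) return 1;
    printf("version=%04X suites=%u scsv=%d reneg_ext=%d\n",
           h.version, h.n_suites, h.has_scsv, h.has_reneg_ext);
    return 0;
}
```

On the logged bytes it reports client_version 0x0301, three cipher suites (0x0002, 0x0004, 0x002F) and a hello that ends after the compression methods, with no extensions block.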