On 08/02/16 15:46, Viktor Dukhovni wrote:
>
>> On Feb 8, 2016, at 9:49 AM, Matt Caswell <[email protected]> wrote:
>>
>> Actually, yes that is a good point. There could be some subtle security
>> issues there. You probably need to additionally check that you are not
>> halfway through a handshake:
>>
>> SSL_renegotiate(ssl);
>> SSL_do_handshake(ssl);
>> do {
>>     read_some_app_data();
>>     if(no_client_cert_yet() || SSL_in_init(ssl)) {
>>         discard_app_data();
>>     }
>> } while(no_client_cert_yet() || SSL_in_init(ssl));
>
> Indeed, but discarding the data may not be an option,
Sure. I was answering the specific question posed by Tomas: "What if the
server wants to discard all the application data that was sent before the
renegotiation completed?"

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
