ssl3_get_record silently discards empty records without much context, which means OpenSSL will happily accept, e.g., empty app data records mid-handshake or empty records of bogus type. They get silently discarded and never returned to the caller, so this is harmless, just a little odd.
This is what we did to fix it: https://boringssl.googlesource.com/boringssl.git/+/4cf369b9204f066e0ffac8fa583bd19e72c82592%5E%21/ Something similar would probably work. The AppDataBeforeHandshake-Empty and AppDataAfterChangeCipherSpec-Empty tests in BoringSSL's test suite can be used to repro this: https://mta.openssl.org/pipermail/openssl-dev/2016-March/005779.html David -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4395 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
