> On Sep 6, 2019, at 11:39 AM, Wietse Venema <wie...@porcupine.org> wrote:
> 
> SSL_shutdown(), see below, is called ONLY AFTER state->plaintext_buf
> I/O error. But state->plaintext_buf is null until the handshake is
> completed. 
> 
> OpenSSL may enter the init state later, during session 
> renegotiation. How would we detect that?

  SSL_IN_INIT(1) 

       SSL_in_init() returns 1 if the SSL/TLS state machine is currently
       processing or awaiting handshake messages, or 0 otherwise.

       SSL_in_before() returns 1 if no SSL/TLS handshake has yet been
       initiated, or 0 otherwise.

       SSL_is_init_finished() returns 1 if the SSL/TLS connection is in a
       state where fully protected application data can be transferred or 0
       otherwise.

       Note that in some circumstances (such as when early data is being
       transferred) SSL_in_init(), SSL_in_before() and SSL_is_init_finished()
       can all return 0.

       SSL_in_connect_init() returns 1 if s is acting as a client and
       SSL_in_init() would return 1, or 0 otherwise.

       SSL_in_accept_init() returns 1 if s is acting as a server and
       SSL_in_init() would return 1, or 0 otherwise.

       SSL_in_connect_init() and SSL_in_accept_init() are implemented as
       macros.

-- 
        Viktor.
