> On Sep 6, 2019, at 11:39 AM, Wietse Venema <wie...@porcupine.org> wrote:
>
> SSL_shutdown(), see below. is called ONLY AFTER state->plaintext_buf
> I/O error. But state->plaintext_buf is null until the handshake is
> completed.
>
> OpenSSL may enter the init state later, during session
> renegotiation. How would we detect that?

SSL_IN_INIT(1)

    SSL_in_init() returns 1 if the SSL/TLS state machine is currently
    processing or awaiting handshake messages, or 0 otherwise.

    SSL_in_before() returns 1 if no SSL/TLS handshake has yet been
    initiated, or 0 otherwise.

    SSL_is_init_finished() returns 1 if the SSL/TLS connection is in a
    state where fully protected application data can be transferred or
    0 otherwise.

    Note that in some circumstances (such as when early data is being
    transferred) SSL_in_init(), SSL_in_before() and
    SSL_is_init_finished() can all return 0.

    SSL_in_connect_init() returns 1 if s is acting as a client and
    SSL_in_init() would return 1, or 0 otherwise.

    SSL_in_accept_init() returns 1 if s is acting as a server and
    SSL_in_init() would return 1, or 0 otherwise.

    SSL_in_connect_init() and SSL_in_accept_init() are implemented as
    macros.

--
Viktor.