I'm just becoming familiar with TLS and I'm trying to understand it by reading the 8.1 freeradius code. I don't quite have the ability to run it yet. One thing I don't understand: in tls.c, in the routine tls_handshake_recv, are the following lines:

    if (ssn->info.content_type != application_data) {
        err = BIO_read(ssn->from_ssl, ssn->dirty_out.data, MAX_RECORD_SIZE);

MAX_RECORD_SIZE is defined as 16k. But TLS messages can span records - a certificate can be 16 Meg. I don't see any path to get back in here and do another BIO_read to get the rest of the message (once dirty_out has been emptied by transmitting it as EAP packets), without being triggered to do so by receiving another handshake message. So if we were sending, say, a 16 Meg cert, how would the subsequent records be read from the BIO and transmitted? We will receive EAP fragment acks, but those don't appear to come back in to tls_handshake_recv. Apologies if I've missed something obvious here.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
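To make the question concrete, here is an added example (not FreeRADIUS code) that uses Python's ssl.MemoryBIO, a thin wrapper over OpenSSL's memory BIO, to show what a single BIO_read of MAX_RECORD_SIZE bytes leaves behind when the handshake output is larger than one record, and the loop a caller needs to drain it. The 40000-byte "handshake flight" is a constructed stand-in for a large Certificate message; the function names are the example's own.

```python
"""Memory-BIO drain demo (added example, not FreeRADIUS code).

ssl.MemoryBIO wraps OpenSSL's memory BIO, so read()/pending behave like
BIO_read()/BIO_ctrl_pending() on the from_ssl BIO the question refers to.
"""
import ssl

MAX_RECORD_SIZE = 16 * 1024  # the 16 KiB bound quoted from tls.c

# Constructed stand-in for a handshake flight larger than one TLS record
# (e.g. a big Certificate message). Real record framing is omitted; only
# the total size matters here: 3 + 39997 = 40000 bytes.
HANDSHAKE_FLIGHT = b"\x16\x03\x03" + b"C" * 39997


def fill_from_ssl_bio(payload: bytes) -> ssl.MemoryBIO:
    """Model OpenSSL writing a whole handshake flight into the outgoing BIO."""
    bio = ssl.MemoryBIO()
    bio.write(payload)
    return bio


def single_read(bio: ssl.MemoryBIO, size: int = MAX_RECORD_SIZE) -> tuple:
    """One BIO_read(..., MAX_RECORD_SIZE), as the quoted code does once.

    Returns (bytes_read, bytes_still_pending): a memory BIO hands back at
    most `size` bytes and keeps the remainder buffered for a later read.
    """
    chunk = bio.read(size)
    return len(chunk), bio.pending


def drain_to_fragments(bio: ssl.MemoryBIO, size: int = MAX_RECORD_SIZE) -> list:
    """Keep reading until nothing is pending; returns each fragment's length.

    This is the loop a caller needs to pull every byte of the flight out of
    the BIO in one go instead of waiting for a later callback to read more.
    """
    sizes = []
    while bio.pending:
        sizes.append(len(bio.read(size)))
    return sizes


if __name__ == "__main__":
    bio = fill_from_ssl_bio(HANDSHAKE_FLIGHT)
    print("first read (read, pending):", single_read(bio))   # (16384, 23616)
    print("remaining fragments:", drain_to_fragments(bio))   # [16384, 7232]
```

The first read returns exactly 16384 bytes and leaves 23616 pending, which is the situation the question describes: the rest of the message stays in the BIO until something reads it again.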