Shashank,
I don't think there is a workaround for this. I've faced this very
recently and the only solution is to modify your application protocol
in a way that allows renegotiation to happen when things are quiet.
I've rambled about it before in OpenSSL forums:
http://marc.info/?l=openssl-users

Occasionally (1% of the time), my SSL client throws a "digest check
failed" when connecting to the server. The server gets the alert
"decrypt error". The scenario is this:
1. The client and server establish a successful handshake and dump the
remote side's SSL information (including the session ID

I have an application built across various Unix flavors that uses
OpenSSL for SSL/TLS communication. I wanted to enable FIPS mode for my
application. But, it seems like not all OpenSSL versions provide the
FIPS_mode_set wrapper function.
Basically, I want to be able to seamlessly call FIPS_mode_se

If SSL_read returns SSL_ERROR_WANT_READ, it is perfectly reasonable to
go ahead and call SSL_write or the other way around. Otherwise, it
would be impossible to do full-duplex SSL communication with OpenSSL.
I recently ran into a host of similar questions (and issues) and I got
most of my questions

Hi,
The client and server that I have in my project run in a simple 1 socket,
blocking mode environment. The model
is that of a typical producer-consumer one. The client produces data, sends
it to the server. The server
consumes it. Once in a while, the server sends a control message to the
clien

Steve,
Thanks much for the reply. I did not realize that EVP_PKEY structures
can have their own callbacks. It's a few extra hoops, but worth it!
Thanks,
Karthik
On Wed, Jul 24, 2013 at 8:15 AM, Dr. Stephen Henson wrote:
> On Tue, Jul 23, 2013, Karthik Krishnamurthy wrote:
>
>>

OpenSSL provides multiple SSL objects to be created from a single SSL_CTX
object and each SSL object can use a different private key file
(SSL_use_PrivateKey_file).
Given this flexibility, I don't see an option to have a password callback
function per SSL object. The callbacks are provided only on