[openssl-dev] How to do reneg with client certs in 1.1.0 API

[Tomas Mraz]

On Po, 2016-02-08 at 12:34 +0000, Matt Caswell wrote:
> 
> On 08/02/16 12:11, Rainer Jung wrote:
> > 
> Renegotiation isn't entirely within the control of the server. A
> server
> can request that a renegotiation takes place. It is up to the client
> whether it honours that request immediately; or perhaps its finishes
> off
> sending some application data before it gets around to honouring it;
> or
> perhaps it doesn't honour it at all.
> 
> >   SSL_renegotiate(ssl);
> >   SSL_do_handshake(ssl);
> 
> This sequence makes the server send the HelloVerifyRequest. It is
> then
> back in a state where it can continue to receive application data
> from
> the client. At some later point the client may or may not initiate a
> reneg.
> 
> >   SSL_set_state(ssl, SSL_ST_ACCEPT);
> >   SSL_do_handshake(ssl);
> 
> This is really not a good idea, and I suspect is a hack that was
> originally copied from s_server :-). Doing this will make the
> connection
> fail if the client sends application data next (which it is allowed
> to do).
> 
> We don't know what we're going to get next from the client it could
> be
> more application data. It could be an immediate start of a new
> handshake. The correct thing for the server to do is to attempt to
> read
> application data. If we happen to get a handshake instead then it
> will
> be automatically handled.

What if the server wants to discard all the application data that was
sent before the renegotiation completed? Or how the server can
recognize which part of data was received before renegotiation
completed and which after it?

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)