[openssl-dev] How to do reneg with client certs in 1.1.0 API

[Viktor Dukhovni]

> On Feb 8, 2016, at 9:49 AM, Matt Caswell <matt at openssl.org> wrote:
> 
> Actually, yes that is a good point. There could be some subtle security
> issues there. You probably need to additionally check that you are not
> halfway through a handshake:
> 
> SSL_renegotiate(ssl);
> SSL_do_handshake(ssl);
> do {
>    read_some_app_data();
>    if(no_client_cert_yet() || SSL_in_init(ssl)) {
>        discard_app_data();
>    }
> } while(no_client_cert_yet() || SSL_in_init(ssl));

Indeed, but discarding the data may not be an option,
that could lead to dead-lock, rather one might need
to process it, in the proper context (pre-authentication).
The proper handling of client data between the renegotiation
request and its completion depends on the application protocol.

The important thing is that OpenSSL should (does) not delay the
visibility of data that was read before renegotiation completes,
until after such completion.

-- 
-- 
	Viktor.