On 27 Sep 2006, at 10:20, David Schwartz wrote:

>> Then the problem: when I am doing SSL_write,
>> it does return full length of the packet I send,

> You don't send packets to SSL_write, you send bytes. It returns the number
> of bytes sent, and if the other end doesn't receive that number of bytes
> (possibly in multiple calls to SSL_read), you have found a problem.

The other side would return an error message:

ORA-31154: invalid XML document
ORA-19202: Error occurred in XML processing
LSX-00213: only 0 occurrences of particle "greeting",
minimum is 1

It is totally confused, that is: I, as a client, would never send a
greeting. One possibility is that it got only part of the document.
The second is two login attempts, which is an error.

>> but
>> ethereal shows *two* application level packets.

> It's not completely clear what you mean by "application level packets". SSL
> is a byte-stream protocol. It guarantees only that the other end will
> receive the same bytes in the same order. It does not glue bytes together in
> a way the application can use.
> There is no special reason you should care (except perhaps for
> performance/efficiency reasons) if you send 100 bytes and SSL sends them as
> a single 100-byte chunk or 100 1-byte chunks

The tshark dump is as follows:

72664.019667 -> TLSv1 [TCP Retransmission]
Server Hello, Certificate, Server Key Exchange, Server Hello Done
72664.035083 -> TCP 7700 > 7700 [ACK]
Seq=2996013302 Ack=106323215 Win=65535 Len=0 TSV=1368546303
72664.634056 -> TLSv1 [TCP Retransmission]
Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
72664.663229 -> TLSv1 [TCP Retransmission]
Change Cipher Spec
72664.663315 -> TCP 7700 > 7700 [ACK]
Seq=2996013492 Ack=106323221 Win=65535 Len=0 TSV=1368546305
72664.665924 -> TLSv1 [TCP Retransmission]
Encrypted Handshake Message
72664.665956 -> TCP 7700 > 7700 [ACK]
Seq=2996013492 Ack=106323266 Win=65535 Len=0 TSV=1368546305
72664.675862 -> TLSv1 [TCP Retransmission]
Application Data, Application Data

This is after one call of SSL_write. As you see, SSL is transmitting two
separate application data packets.

> .
>> The packet indeed contains 0x00s. Can this be a
>> problem?

> Are you trying to manually decrypt the data? Why do you care what bytes the
> packets contain? You shouldn't be looking at the TCP level except to
> diagnose a problem at the SSL level. Do you have a problem?

The problem is having two application data packets when I call
SSL_write only once. And yes, I want to decrypt these two packets, to
see what they contain. Even if they both are valid packets, this would
be an error, as I said. As for 0x00, this one is the C-wise
end-of-the-string. Some applications have a separate function call for
handling data containing it.



__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
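
Added example (not part of the original message, and not OpenSSL code): the tshark line "Application Data, Application Data" means one TCP payload carried two TLS record headers. The scanner below walks such a payload and counts records by content type; the segment bytes, the fragment sizes (24 and 120) and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Record header: 1-byte type, 2-byte version, 2-byte big-endian length. */
enum { TLS_CCS = 20, TLS_APPDATA = 23, TLS_HDR = 5, TLS_MAX_FRAG = 16384 + 2048 };

struct tls_scan { size_t records, appdata_records, appdata_bytes, trailing; };

/* Walk buf as consecutive TLS records. Returns 0, or -1 if a header is
 * malformed. A record cut off by the end of buf is counted in 'trailing'. */
int tls_scan_records(const uint8_t *buf, size_t len, struct tls_scan *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (len - off >= TLS_HDR) {
        uint8_t type = buf[off];
        size_t frag = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (type < TLS_CCS || type > TLS_APPDATA || buf[off + 1] != 3)
            return -1;                 /* not a TLS record header */
        if (frag > TLS_MAX_FRAG)
            return -1;                 /* longer than any legal ciphertext */
        if (frag > len - off - TLS_HDR)
            break;                     /* rest arrives in a later segment */
        out->records++;
        if (type == TLS_APPDATA) { out->appdata_records++; out->appdata_bytes += frag; }
        off += TLS_HDR + frag;
    }
    out->trailing = len - off;
    return 0;
}

/* Constructed sample: one TLS 1.0 record with filler as its fragment. */
size_t put_record(uint8_t *dst, uint8_t type, size_t frag_len)
{
    dst[0] = type; dst[1] = 3; dst[2] = 1;
    dst[3] = (uint8_t)(frag_len >> 8); dst[4] = (uint8_t)frag_len;
    memset(dst + TLS_HDR, 0xAA, frag_len);
    return TLS_HDR + frag_len;
}

/* Constructed TCP payload holding two Application Data records. */
size_t build_sample(uint8_t *dst)
{
    size_t n = put_record(dst, TLS_APPDATA, 24);
    return n + put_record(dst + n, TLS_APPDATA, 120);
}

int main(void)
{
    uint8_t seg[512]; struct tls_scan s;
    if (tls_scan_records(seg, build_sample(seg), &s) == 0)
        printf("%zu appdata records, %zu bytes\n", s.appdata_records, s.appdata_bytes);
    return 0;
}
```

The counts describe record-layer framing on the wire only; the receiving application still sees a single byte stream through SSL_read.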