This is a discussion on RE: Getting application data from the final packet in a handshake. - Openssl
> All -
> I am using OpenSSL with memory BIOs for the communication. I have
> everything working just fine, until I came across a server that sends
> Application data in the final packet of the TLS handshake.
> Specifically, Wireshark shows the following in its output:
> Change Cipher Spec, Encrypted Handshake Message, Application Data
> where I am normally used to just:
> Change Cipher Spec, Encrypted Handshake Message
> So, my question is, how do I get at the application data in that packet?
> After the call to SSL_connect() both SSL_pending() and
> BIO_ctrl_pending() are claiming that there are 0 bytes available to read.
> Is there a flag I need to enable? Or some other call?

The BIO_read function exists for this exact purpose. There is no way to tell
for sure whether an SSL_read or BIO_read (of an SSL bio) will be able to
return application data other than to call it and see.

The functions you are using only check for certain specific possible ways
there could be pending data. They are not exhaustive.

Your mistake is in trying to do everything twice, once to figure out what
will happen and then again for real. Since you want to receive data if there
is any, and there's no harm in trying if there isn't any, it is totally
illogical to perform two expensive operations, the first to see if the
second is necessary. It's more logical just to do one. If it's necessary,
you win, one operation instead of two. If it's not, you break even, one
operation either way.

Your method not only has the extra cost of doing an operation twice if it's
possible, but worse fails horribly if the two attempts are not precisely
parallel, and there are many edge cases. This is just the one that's
pestering you now. If you don't fundamentally fix your design, there will be
another one tomorrow too.

Just try to read. Don't try to figure out what will happen if you try.
OpenSSL Project http://www.openssl.org
User Support Mailing List firstname.lastname@example.org
Automated List Manager email@example.com
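
The situation from this thread, reproduced as an added example that is not part of the original messages: Python's `ssl.MemoryBIO` and `SSLObject` wrap OpenSSL's memory BIOs, `SSL_pending()` and `SSL_read()`, so the behaviour can be run without a network. The two in-process peers, the anonymous cipher suite (chosen only so no certificate files are needed) and the `GREETING` payload are constructed for the demonstration.

```python
import ssl

GREETING = b"220 constructed banner\r\n"  # constructed sample payload

def _ctx(server_side):
    # Constructed in-process peers: an anonymous (unauthenticated) TLS 1.2
    # suite is used only so the demo needs no certificate files.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side
                         else ssl.PROTOCOL_TLS_CLIENT)
    if not server_side:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AECDH-AES256-SHA:@SECLEVEL=0")
    return ctx

def step(obj):
    """Advance the handshake; True once it has completed."""
    try:
        obj.do_handshake()
        return True
    except ssl.SSLWantReadError:
        return False

def read_available(obj):
    """Just try to read: collect plaintext until OpenSSL needs more input."""
    chunks = []
    try:
        while True:
            chunks.append(obj.read(4096))
    except (ssl.SSLWantReadError, ssl.SSLZeroReturnError):
        return b"".join(chunks)

def demo():
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = _ctx(False).wrap_bio(c_in, c_out, server_side=False)
    server = _ctx(True).wrap_bio(s_in, s_out, server_side=True)
    server_done = False
    while not server_done:
        step(client)
        s_in.write(c_out.read())
        server_done = step(server)
        if server_done:
            server.write(GREETING)  # queued right behind the server's Finished
        c_in.write(s_out.read())    # one chunk can carry handshake + app data
    if not step(client):
        raise RuntimeError("client handshake did not complete")
    # SSL_pending() hint, raw bytes still in the input BIO, then the real read
    return client.pending(), c_in.pending, read_available(client)
```

`demo()` returns the `SSL_pending()` value seen right after the handshake, the number of undecrypted bytes still sitting in the client's input BIO, and what the unconditional read actually delivered.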