Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P2: Important
Fix Version/s: 5.12.0 Alpha
Affects Version/s: 5.11, 5.12
Component/s: Network: SSL
Labels:
None

Platform/s:

macOS
Commits:
8e1e275f8f45fab9d035e86c9caba1f03db43373

Description

After the initial handshake is complete, our connection is considered to be encrypted. Then we send an HTTP request. Apparently we have a server that requires a client's certificate when we are trying to access some restricted resource. So SSLRead instead of reading for us some data starts a renegotiation (re-handshake) and the session switches from kSSLConnected to kSSLHandshake. The result code that we have back from this SSLRead is not the expected errSSLWouldBlock but errSSLClientCertRequested instead and here we fail to handle the renegotiation correctly.

Also it appears that any renegotiation attempt (even without a client certificate request) is failing.

As a reproducer - a simple Qt-based client app + openssl s_server and its command 'R' (after the client connected) can be used. 'R' renegotiates TLS session and also requests a client certificate (edit: 'r' will trigger the same behavior).

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Timur Pocheptsov

Reporter:: Timur Pocheptsov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11 Jul '18 12:57

Updated:: 14 Sep '18 07:25

Resolved:: 27 Jul '18 16:13

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

SecureTransport - implement renegotiations: Gerrit Review: