Reputation: 41
How to perform a rehandshake (renegotiation) with OpenSSL API? I need both types: when server initiates and when client initiates a new handshake.
Upvotes: 4
Views: 3440
Reputation: 2516
Even though you've probably figured it out by now, I'll leave this as helpful material for all beginners in the OpenSSL mud.
Renegotiation (server requests)
printf("Starting SSL renegotiation on SSL server (initiating by SSL server)\n");
/* Schedule a renegotiation; the handshake itself has not started yet. */
if (SSL_renegotiate(ssl) <= 0) {
    printf("SSL_renegotiate() failed\n");
    exit(1);
}
/* On the server this sends a HelloRequest to the client and returns. */
if (SSL_do_handshake(ssl) <= 0) {
    printf("SSL_do_handshake() failed\n");
    exit(1);
}
/* Put the server back into the accept state so the next call runs the full
 * renegotiation handshake (reads the client's ClientHello) right away instead
 * of waiting for the next SSL_read(). ssl->state is an internal field of
 * OpenSSL 1.0.x; the SSL struct is opaque from 1.1.0 onwards. */
ssl->state = SSL_ST_ACCEPT;
if (SSL_do_handshake(ssl) <= 0) {
    printf("SSL_do_handshake() failed\n");
    exit(1);
}
Renegotiation (client requests)
printf("Starting SSL renegotiation on SSL client (initiating by SSL client)\n");
/* Schedule a renegotiation; the handshake itself has not started yet. */
if (SSL_renegotiate(ssl) <= 0) {
    printf("SSL_renegotiate() failed\n");
    exit(1);
}
/* On the client this sends a new ClientHello and, with a blocking socket,
 * runs the whole renegotiation handshake before returning. */
if (SSL_do_handshake(ssl) <= 0) {
    printf("SSL_do_handshake() failed\n");
    exit(1);
}
(taken from http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html)
Additionally, the other side can handle the request just by calling SSL_read.
To double-check whether the renegotiation succeeded, you can call SSL_renegotiate_pending afterwards.
This page (and related ones) introduces all the techniques needed to properly implement the server and client (using blocking sockets).
Upvotes: 4