Have some queries on the way IE is handling SSL Renegotiation.
1. Whenever IE receives a "Client Cert" req from the Server, say when it
is talking for the 1st time (IE gonna connect to this ssl server for the
very 1st time), it immediately closes the TCP connection abrubtly by
sending a FIN..now is this coz of some errors on the Server? The next
connection from IE to the server, works fine and the client cert is sent
out and renegotiation is completed on the same TCP connection..what I
further notice is this is happening everytime I switch the Server CTX from
"SSL_VERIFY_NONE" to "SSL_VERIFY_PEER" and vice versa..why is there is
extra TCP connection?
2. When there are no client certs configured on the IE, it seems to send
NULL Certificate..I mean I see the "certificate" message go out..but has
ZERO payload length!!!? Can Openssl validate this?
3. Once the ssl renegotiation is through, how can the application know
that the renegotiation succeeded and the client cert that was got is
By manipulating the SSL_OBJ i lose all the previous connection specific
I really dont know why SSL Renegotiation is happening over 2 TCP
connections via IE..anyone experienced this before? Mozilla/Netscape are