Re: SSL_CTX_set_msg_callback does not invoke for received change_cipher_spec
On 08/14/2017 11:30 PM, Vakul Garg wrote:
I am using openssl s_server and s_client
with ‘-msg’ option to track tls1.2 records being exchanged.
I notice that while transmitted
change_cipher_spec record gets printed.
But the reception of change_cipher_spec
record is not reported.
For the received change_cipher_spec record,
the callback (registered using SSL_set_msg_callback_arg) gets
invoked only for record header, but not for the record
So there is no callback for received
SSL3_RT_CHANGE_CIPHER_SPEC. For the transmitted
change_cipher_spec record, things are fine.
There is no variable content in a ChangeCipherSpec message -- a
single byte of value 1. Are you trying to argue that the callback
still ought to be invoked out of some philosophical sense of
In any case, if I remember correctly, ChangeCipherSpec is processed
at a very low layer and isn't propagated up to the layer that
invokes the message callback, and if one looks at the tradeoff
between extra complexity to propagate it up versus not having a
message callback event for it, there are some reasonable reasons to
prefer the status quo.
Further, message callback invocation is
correct for DTLS1.2 case as well.