The current prototype almost works. It sends a valid retry packet back to the client. The client sends a new initial packet with the validation token back. Upon successful token validation, a new channel is created. The TLS handshake is then supposed to start. Unfortunately, what happens is that SSL_accept_connection() returns and the server proceeds to the SSL_write_ex2() function, which gets blocked. No handshake packets from the server appear on the wire. All initial packets sent by the client seem to be ignored; they just arrive at the channel, but I have not traced what happens there afterwards.
When client validation is disabled, the call to SSL_accept_connection() returns after the SSL handshake is done. I deem this a significant symptom worth investigating: why does client validation make SSL_accept_connection() return before the SSL handshake completes? I hope that once this is sorted out, client validation will start to work as expected.
This ticket refers to draft PR #25842.