Fix some bugs and document others

[openssl.git] / ssl / s3_both.c
diff --git a/ssl/s3_both.c b/ssl/s3_both.c

index f1a9282f0efead5bd19ec9e1763fe716ce0c8aef..035a937ba7ce74effe826df4acc410ab41dcd14c 100644 (file)
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -342,14 +342,15 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                         SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
                         goto f_err;
                         }
                         SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
                         goto f_err;
                         }
-               if((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+               if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
                                         (st1 == SSL3_ST_SR_CERT_A) &&
                                         (stn == SSL3_ST_SR_CERT_B))
                         {
                         /* At this point we have got an MS SGC second client
                          * hello (maybe we should always allow the client to
                          * start a new handshake?). We need to restart the mac.
                                         (st1 == SSL3_ST_SR_CERT_A) &&
                                         (stn == SSL3_ST_SR_CERT_B))
                         {
                         /* At this point we have got an MS SGC second client
                          * hello (maybe we should always allow the client to
                          * start a new handshake?). We need to restart the mac.
-                        */
+                        * Don't increment {num,total}_renegotiations because
+                        * we have not completed the handshake. */
                         ssl3_init_finished_mac(s);
                         }
  
                         ssl3_init_finished_mac(s);
                         }