#endif
case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
s->ext.debug_cb = (void (*)(SSL *, int, int,
- const unsigned char *, int, void *))fp;
+ const unsigned char *, int, void *))fp;
break;
case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
{
clear_sys_error();
if (s->s3->renegotiate)
- ssl3_renegotiate_check(s);
+ ssl3_renegotiate_check(s, 0);
return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
written);
clear_sys_error();
if (s->s3->renegotiate)
- ssl3_renegotiate_check(s);
+ ssl3_renegotiate_check(s, 0);
s->s3->in_read_app_data = 1;
ret =
s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
if (s->handshake_func == NULL)
return (1);
- if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
- return (0);
-
s->s3->renegotiate = 1;
return (1);
}
-int ssl3_renegotiate_check(SSL *s)
+/*
+ * Check if we are waiting to do a renegotiation and if so whether now is a
+ * good time to do it. If |initok| is true then we are being called from inside
+ * the state machine so ignore the result of SSL_in_init(s). Otherwise we
+ * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
+ * should do a renegotiation now and sets up the state machine for it. Otherwise
+ * returns 0.
+ */
+int ssl3_renegotiate_check(SSL *s, int initok)
{
int ret = 0;
if (s->s3->renegotiate) {
if (!RECORD_LAYER_read_pending(&s->rlayer)
&& !RECORD_LAYER_write_pending(&s->rlayer)
- && !SSL_in_init(s)) {
+ && (initok || !SSL_in_init(s))) {
/*
* if we are the server, and we have sent a 'RENEGOTIATE'
* message, we need to set the state machine into the renegotiate
ret = 1;
}
}
- return (ret);
+ return ret;
}
/*