ret+=size_str;
}
- /* Add the renegotiation option: TODOEKR switch */
- {
+ /* Add RI if renegotiating */
+ if (s->new_session)
+ {
int el;
if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
* which doesn't support RI so for the immediate future tolerate RI
* absence on initial connect only.
*/
- if (!renegotiate_seen &&
- (s->new_session || !(s->options & SSL_OP_LEGACY_SERVER_CONNECT))
+ if (!renegotiate_seen
+ && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
{
*al = SSL_AD_HANDSHAKE_FAILURE;