1 files changed, 18 insertions, 3 deletions

diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c
index 3c2435d..1cb2ac6 100644
--- a/src/ssl/s3_pkt.c
+++ b/src/ssl/s3_pkt.c
@@ -337,6 +337,20 @@ void ssl3_read_close_notify(SSL *ssl) {
   ssl3_read_bytes(ssl, 0, NULL, 0, 0);
 }
 
+static int ssl3_can_renegotiate(SSL *ssl) {
+  switch (ssl->renegotiate_mode) {
+    case ssl_renegotiate_never:
+      return 0;
+    case ssl_renegotiate_once:
+      return ssl->s3->total_renegotiations == 0;
+    case ssl_renegotiate_freely:
+      return 1;
+  }
+
+  assert(0);
+  return 0;
+}
+
 /* Return up to 'len' payload bytes received in 'type' records.
  * 'type' is one of the following:
  *
@@ -368,7 +382,7 @@ int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek) {
   int al, i, ret;
   unsigned int n;
   SSL3_RECORD *rr;
-  void (*cb)(const SSL *ssl, int type2, int val) = NULL;
+  void (*cb)(const SSL *ssl, int type, int value) = NULL;
 
   if ((type && type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) ||
       (peek && type != SSL3_RT_APPLICATION_DATA)) {
@@ -509,7 +523,7 @@ start:
   if (rr->type == SSL3_RT_HANDSHAKE) {
     /* If peer renegotiations are disabled, all out-of-order handshake records
      * are fatal. Renegotiations as a server are never supported. */
-    if (!s->accept_peer_renegotiations || s->server) {
+    if (s->server || !ssl3_can_renegotiate(s)) {
       al = SSL_AD_NO_RENEGOTIATION;
       OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
       goto f_err;
@@ -563,6 +577,7 @@ start:
     }
 
     /* Begin a new handshake. */
+    s->s3->total_renegotiations++;
     s->state = SSL_ST_CONNECT;
     i = s->handshake_func(s);
     if (i < 0) {
@@ -771,7 +786,7 @@ int ssl3_send_alert(SSL *s, int level, int desc) {
 
 int ssl3_dispatch_alert(SSL *s) {
   int i, j;
-  void (*cb)(const SSL *ssl, int type, int val) = NULL;
+  void (*cb)(const SSL *ssl, int type, int value) = NULL;
 
   s->s3->alert_dispatch = 0;
   i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2);