Diffstat (limited to 'src/ssl/s3_pkt.c')
-rw-r--r--src/ssl/s3_pkt.c39
1 files changed, 23 insertions, 16 deletions
diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c
index 1cb2ac6..7416d0e 100644
--- a/src/ssl/s3_pkt.c
+++ b/src/ssl/s3_pkt.c
@@ -249,6 +249,23 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) {
}
}
+static int ssl3_write_pending(SSL *s, int type, const uint8_t *buf,
+ unsigned int len) {
+ if (s->s3->wpend_tot > (int)len ||
+ (s->s3->wpend_buf != buf &&
+ !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
+ s->s3->wpend_type != type) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_WRITE_RETRY);
+ return -1;
+ }
+
+ int ret = ssl_write_buffer_flush(s);
+ if (ret <= 0) {
+ return ret;
+ }
+ return s->s3->wpend_ret;
+}
+
/* do_ssl3_write writes an SSL record of the given type. */
static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned len) {
/* If there is still data from the previous record, flush it. */
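Review bot: The relocated `ssl3_write_pending` has no comment, unlike `do_ssl3_write` directly below it, even though its first condition is what rejects a write retry whose type, length or (without `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`) buffer pointer differs from the pending write. I would add above it `/* ssl3_write_pending flushes the buffered record after checking that the retry matches the pending write. It returns wpend_ret on success, the flush result if <= 0, or -1 on a bad retry. */`. Separately, `(int)len` converts an unsigned value, so a length above INT_MAX gives an implementation-defined result; callers presumably bound `len` well below that, but no such bound is visible in this hunk. The body of `do_ssl3_write` continues outside the hunk.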
@@ -298,22 +315,6 @@ static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned len) {
return ssl3_write_pending(s, type, buf, len);
}
-int ssl3_write_pending(SSL *s, int type, const uint8_t *buf, unsigned int len) {
- if (s->s3->wpend_tot > (int)len ||
- (s->s3->wpend_buf != buf &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
- s->s3->wpend_type != type) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_WRITE_RETRY);
- return -1;
- }
-
- int ret = ssl_write_buffer_flush(s);
- if (ret <= 0) {
- return ret;
- }
- return s->s3->wpend_ret;
-}
-
/* ssl3_expect_change_cipher_spec informs the record layer that a
* ChangeCipherSpec record is required at this point. If a Handshake record is
* received before ChangeCipherSpec, the connection will fail. Moreover, if
@@ -345,6 +346,8 @@ static int ssl3_can_renegotiate(SSL *ssl) {
return ssl->s3->total_renegotiations == 0;
case ssl_renegotiate_freely:
return 1;
+ case ssl_renegotiate_ignore:
+ return 1;
}
assert(0);
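Review bot: `case ssl_renegotiate_ignore: return 1;` makes `ssl3_can_renegotiate` answer "allowed" for a mode that never renegotiates, which is only safe because the read path discards the HelloRequest separately (the `goto start` added in the last hunk of this diff). Anyone who later calls this helper from another site would treat ignore mode as permitting a new handshake, so the dependency should be stated at the label, for example `/* Accepted here; the HelloRequest is dropped by the caller before any handshake starts. */`. If the intent is simply to share the result with `ssl_renegotiate_freely`, stacking the two labels on one `return 1;` would make that explicit. The switch and the function both begin outside this hunk.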
@@ -566,6 +569,10 @@ start:
goto err;
}
+ if (s->renegotiate_mode == ssl_renegotiate_ignore) {
+ goto start;
+ }
+
/* Renegotiation is only supported at quiescent points in the application
* protocol, namely in HTTPS, just before reading the HTTP response. Require
* the record-layer be idle and avoid complexities of sending a handshake
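Review bot: The new `goto start` for `ssl_renegotiate_ignore` discards a HelloRequest and reads the next record with no visible limit on how many consecutive HelloRequests are tolerated. A peer that keeps sending them would hold the caller inside this read, so a counter that fails the connection after some number of ignored messages in a row is worth considering. It is also worth confirming that the buffered handshake fragment is reset before the jump; that code sits above this hunk and is not visible here. At minimum the branch deserves a comment such as `/* Silently drop the HelloRequest and continue with the next record. */`. The enclosing function starts and ends outside the hunk.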