Diffstat (limited to 'src/ssl/s3_pkt.c')
-rw-r--r-- | src/ssl/s3_pkt.c | 39 |
1 files changed, 23 insertions, 16 deletions
diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c
index 1cb2ac6..7416d0e 100644
--- a/src/ssl/s3_pkt.c
+++ b/src/ssl/s3_pkt.c
@@ -249,6 +249,23 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) {
 }
 }
+static int ssl3_write_pending(SSL *s, int type, const uint8_t *buf,
+ unsigned int len) {
+ if (s->s3->wpend_tot > (int)len ||
+ (s->s3->wpend_buf != buf &&
+ !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
+ s->s3->wpend_type != type) {
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_WRITE_RETRY);
+ return -1;
+ }
+
+ int ret = ssl_write_buffer_flush(s);
+ if (ret <= 0) {
+ return ret;
+ }
+ return s->s3->wpend_ret;
+}
+
 /* do_ssl3_write writes an SSL record of the given type. */
 static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned len) {
 /* If there is still data from the previous record, flush it. */
@@ -298,22 +315,6 @@ static int do_ssl3_write(SSL *s, int type, const uint8_t *buf, unsigned len) {
 return ssl3_write_pending(s, type, buf, len);
 }
-int ssl3_write_pending(SSL *s, int type, const uint8_t *buf, unsigned int len) {
- if (s->s3->wpend_tot > (int)len ||
- (s->s3->wpend_buf != buf &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
- s->s3->wpend_type != type) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_WRITE_RETRY);
- return -1;
- }
-
- int ret = ssl_write_buffer_flush(s);
- if (ret <= 0) {
- return ret;
- }
- return s->s3->wpend_ret;
-}
-
 /* ssl3_expect_change_cipher_spec informs the record layer that a
 * ChangeCipherSpec record is required at this point. If a Handshake record is
 * received before ChangeCipherSpec, the connection will fail. Moreover, if
@@ -345,6 +346,8 @@ static int ssl3_can_renegotiate(SSL *ssl) {
 return ssl->s3->total_renegotiations == 0;
 case ssl_renegotiate_freely:
 return 1;
+ case ssl_renegotiate_ignore:
+ return 1;
 }
 assert(0);
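Review bot: In the `ssl3_can_renegotiate` hunk, the new `case ssl_renegotiate_ignore:` returns 1, which reads as "renegotiation permitted" although the mode exists to drop HelloRequests. The result is safe only because the caller tests `s->renegotiate_mode` again afterwards (the `goto start` added in the last hunk of this patch); any other caller that trusted the return value would go on to renegotiate, though no such caller is visible here. Document the dependency on the case, for example `/* Not refused here so that no alert is sent; the caller drops the HelloRequest. */`. Sharing the `return 1;` with `ssl_renegotiate_freely` would also make it clear that the duplication is intentional. The function body begins and ends outside the hunk.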
@@ -566,6 +569,10 @@ start:
 goto err;
 }
+ if (s->renegotiate_mode == ssl_renegotiate_ignore) {
+ goto start;
+ }
+
 /* Renegotiation is only supported at quiescent points in the application
 * protocol, namely in HTTPS, just before reading the HTTP response. Require
 * the record-layer be idle and avoid complexities of sending a handshake |
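Review bot: The added `goto start;` discards a HelloRequest without counting it, so in `ssl_renegotiate_ignore` mode a peer that keeps sending HelloRequests keeps the read call cycling through `start:` with no error raised and no return to the caller. Consider counting consecutive ignored HelloRequests and failing the connection once a small bound is exceeded, resetting the count when application data is delivered. It is also not visible in this hunk whether the buffered HelloRequest bytes are cleared before the jump; if that reset only happens further down the block, the skipped message may be parsed again on the next pass, so this is worth confirming. The enclosing function starts and ends outside the hunk.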