// Start a renegotiation and run the handshake before returning.
//
// ssl    - connection to renegotiate.
// server - true when this end is the TLS server.
//
// Returns false when a handshake step reported through LOGCHECK fails, and
// true otherwise. What CHECK does on failure is defined outside this block.
//
// NOTE(review): renegotiation exists only for TLS 1.2 and earlier. OpenSSL
// documents SSL_renegotiate() as an error on TLS 1.3 connections, so confirm
// which protocol versions reach this path.
// NOTE(review): a true return only says the handshake calls succeeded. If this
// is used to request a client certificate, the caller presumably still has to
// check the peer certificate and verify result. Confirm at the call sites.
bool CHECK_RESULT renegotiatefull(SSL *ssl, bool server)
{
    if (debuglevel > 2) {
        fprintf(stderr, "Renegotiating\n");
    }

    CHECK(SSL_renegotiate(ssl) == SSL_OK);

    // On the server, this results in "HelloRequest" being sent to the client.
    // On the client, SSL is allowed to do this in its own time.
    if (!LOGCHECK(sslDoHandshake(ssl) == SSL_OK)) {
        return false;
    }

#if defined LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10100000L
    // [Now, mercifully, seems to be unnecessary in the main OpenSSL branch]
    // [Just as well, as it doesn't compile any more]
    if (!server) {
        return true;
    }

    // Nasty hack - this makes SSL expect an immediate handshake, and we get
    // an error otherwise. See:
    // http://www.mail-archive.com/[email protected]/msg20802.html
    // This writes the library's handshake state field directly, so it only
    // builds where the SSL struct layout is visible (hence the version guard).
    ssl->state = SSL_ST_ACCEPT;

    // Complete the handshake.
    // This fails if there is unread data from the client.
    // It can also fail e.g. if the client fails to send a certificate.
    // Should change to a softer error.
    if (!LOGCHECK(sslDoHandshake(ssl) == SSL_OK)) {
        return false;
    }
#endif
    return true;
}
// Initiate an asynchronous renegotiation bool CHECK_RESULT renegotiate(SSL *ssl, bool server) { if (debuglevel > 2) fprintf(stderr,"Renegotiating\n"); CHECK(SSL_renegotiate(ssl) == SSL_OK); // On server, this results in "HelloRequest" being sent to client. // Allow SSL to do this in its own time on client. if (server) { if (!LOGCHECK(sslDoHandshake(ssl) == SSL_OK)) { return false; } } return true; }
// Start a renegotiation and run the handshake before returning.
//
// ssl    - connection to renegotiate.
// server - true when this end is the TLS server.
//
// Returns false when a handshake step reported through LOGCHECK fails, and
// true otherwise. What CHECK does on failure is defined outside this block.
//
// NOTE(review): this variant writes ssl->state with no version guard. That
// needs a library whose SSL struct is not opaque. OpenSSL 1.1.0 and later hide
// the struct, so the assignment would not compile there. Confirm the
// supported library versions.
// NOTE(review): renegotiation exists only for TLS 1.2 and earlier. OpenSSL
// documents SSL_renegotiate() as an error on TLS 1.3 connections.
// NOTE(review): a true return only says the handshake calls succeeded. If this
// is used to request a client certificate, the caller presumably still has to
// check the peer certificate and verify result. Confirm at the call sites.
bool CHECK_RESULT renegotiatefull(SSL *ssl, bool server)
{
    if (debuglevel > 2) {
        fprintf(stderr, "Renegotiating\n");
    }

    CHECK(SSL_renegotiate(ssl) == SSL_OK);

    // On the server, this results in "HelloRequest" being sent to the client.
    // On the client, SSL is allowed to do this in its own time.
    if (!LOGCHECK(sslDoHandshake(ssl) == SSL_OK)) {
        return false;
    }

    if (!server) {
        return true;
    }

    // Nasty hack - this makes SSL expect an immediate handshake, and we get
    // an error otherwise. See:
    // http://www.mail-archive.com/[email protected]/msg20802.html
    // This overwrites the library's handshake state field directly.
    ssl->state = SSL_ST_ACCEPT;

    // Complete the handshake.
    // This fails if there is unread data from the client.
    // It can also fail e.g. if the client fails to send a certificate.
    // Should change to a softer error.
    if (!LOGCHECK(sslDoHandshake(ssl) == SSL_OK)) {
        return false;
    }
    return true;
}