Allow ssl_renegotiate() to be called in a loop

Previously broken if waiting for network I/O in the middle of a re-handshake
initiated by the client.
This commit is contained in:
Manuel Pégourié-Gonnard 2013-10-30 12:47:35 +01:00
parent e5e1bb972c
commit caed0541a0
2 changed files with 17 additions and 7 deletions

View file

@ -200,7 +200,8 @@
#define SSL_VERIFY_REQUIRED 2
#define SSL_INITIAL_HANDSHAKE 0
#define SSL_RENEGOTIATION 1
#define SSL_RENEGOTIATION 1 /* In progress */
#define SSL_RENEGOTIATION_DONE 2 /* Done */
#define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1

View file

@ -3023,6 +3023,9 @@ void ssl_handshake_wrapup( ssl_context *ssl )
polarssl_free( ssl->handshake );
ssl->handshake = NULL;
if( ssl->renegotiation == SSL_RENEGOTIATION )
ssl->renegotiation = SSL_RENEGOTIATION_DONE;
/*
* Switch in our now active transform context
*/
@ -3977,15 +3980,21 @@ int ssl_renegotiate( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) );
/*
* If renegotiation is already in progress, skip checks/init
*/
if( ssl->renegotiation != SSL_RENEGOTIATION )
{
if( ssl->state != SSL_HANDSHAKE_OVER )
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
ssl->state = SSL_HELLO_REQUEST;
ssl->renegotiation = SSL_RENEGOTIATION;
if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
return( ret );
ssl->state = SSL_HELLO_REQUEST;
ssl->renegotiation = SSL_RENEGOTIATION;
}
if( ( ret = ssl_handshake( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_handshake", ret );