On Fri, Nov 06, 2009 at 12:00:06AM +0000, Joe Orton wrote:
> On Thu, Nov 05, 2009 at 09:31:00PM +0000, Joe Orton wrote:
> > * we can detect in mod_ssl when the client is renegotiating by using the
> >   callback installed using SSL_CTX_set_info_callback(), in conjunction
> >   with suitable flags in the SSLConnRec to detect the cases where this is
> >   either a server-initiated renegotiation or the initial handshake on the
> >   connection.
>
> Here is a very rough first hack (for discussion/testing purposes only!):

FYI - Dirk points out that you can test this using openssl s_client by
entering a line with the single character 'R' which s_client treats as a
command to initiate a renegotiation.

Joe

$ openssl s_client ...
---
GET / HTTP/1.1
Host: localhost
R
RENEGOTIATING
139919233795736:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:590:
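
The detection idea quoted above, modelled as a small state machine. This is an added example, not code from the post or from mod_ssl: the enum, struct and function names are hypothetical, the two event constants are assumed to mirror OpenSSL's SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE, and the OpenSSL calls are left out so the logic runs stand-alone.

```c
#include <stdio.h>

/* Assumed to match OpenSSL's SSL_CB_HANDSHAKE_START / SSL_CB_HANDSHAKE_DONE. */
#define CB_HANDSHAKE_START 0x10
#define CB_HANDSHAKE_DONE  0x20

/* Hypothetical per-connection flag, standing in for state kept in SSLConnRec. */
enum reneg_state {
    RENEG_INIT,    /* initial handshake not yet complete */
    RENEG_REJECT,  /* established: any new handshake start is client-initiated */
    RENEG_ALLOW,   /* the server itself has just requested a renegotiation */
    RENEG_ABORT    /* client-initiated renegotiation seen: close the connection */
};
struct conn { enum reneg_state reneg; };

/* Logic an info callback would run for each event; 'where' is the event bitmask. */
static void on_info(struct conn *c, int where)
{
    if ((where & CB_HANDSHAKE_START) && c->reneg == RENEG_REJECT)
        c->reneg = RENEG_ABORT;      /* nobody on the server side asked for this */
    else if ((where & CB_HANDSHAKE_DONE) && c->reneg != RENEG_ABORT)
        c->reneg = RENEG_REJECT;     /* re-arm after every legitimate handshake */
}

/* The server calls this just before it requests a renegotiation itself. */
static void server_begin_reneg(struct conn *c)
{
    if (c->reneg == RENEG_REJECT)
        c->reneg = RENEG_ALLOW;
}

/* Replay n events; the server starts its own renegotiation before event index
 * server_reneg_before (-1 for never). Returns 1 if the connection must close. */
static int replay(const int *events, int n, int server_reneg_before)
{
    struct conn c = { RENEG_INIT };
    for (int i = 0; i < n; i++) {
        if (i == server_reneg_before)
            server_begin_reneg(&c);
        on_info(&c, events[i]);
    }
    return c.reneg == RENEG_ABORT;
}

int main(void)
{
    /* Constructed event sequence: initial handshake, then a second one. */
    const int ev[] = { CB_HANDSHAKE_START, CB_HANDSHAKE_DONE, CB_HANDSHAKE_START, CB_HANDSHAKE_DONE };
    printf("client-initiated: abort=%d\n", replay(ev, 4, -1));
    printf("server-initiated: abort=%d\n", replay(ev, 4, 2));
    return 0;
}
```

The second handshake in the first replay corresponds to the 'R' command in the s_client session above.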