Joe Orton wrote:
* we can detect in mod_ssl when the client is renegotiating by using the callback installed using SSL_CTX_set_info_callback(), in conjunction with suitable flags in the SSLConnRec to detect the cases where this is either a server-initiated renegotiation or the initial handshake on the connection.
This seems to work for me - i.e. it calls back exactly when needed (rather than an EAGAIN-like break bubbling up in kernel_io.c) - and it _also_ seems to cover the other types of re-negotiation (i.e. other than for a Cert) which actually worry me a lot more.
For the record - this MiM can be done with _all_ types of (re)negotiations - for all parameters, right?
Thanks, Dw.
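
An added sketch, not part of this thread and not mod_ssl's own code, of the per-connection flag logic described above: the function an info callback (the one registered with SSL_CTX_set_info_callback()) would call to tell the initial handshake and server-initiated renegotiation apart from a client-initiated one. The type names, states and the replay() helper are hypothetical, and the event bits are local copies of OpenSSL's values so the sketch builds without OpenSSL.

```c
#include <stdio.h>

/* Local copies of OpenSSL's SSL_CB_HANDSHAKE_START / SSL_CB_HANDSHAKE_DONE
 * event bits, so this sketch compiles without the OpenSSL headers. */
#define CB_HANDSHAKE_START 0x10
#define CB_HANDSHAKE_DONE  0x20

/* Hypothetical per-connection flags (stand-in for fields in SSLConnRec). */
typedef enum {
    RENEG_INIT,    /* initial handshake not yet finished */
    RENEG_REJECT,  /* handshake done; a new one started by the client is refused */
    RENEG_ALLOW,   /* server requested a renegotiation; next start is expected */
    RENEG_ABORT    /* client-initiated renegotiation seen; drop the connection */
} reneg_state;
typedef struct { reneg_state state; } conn_flags;

/* Called by the server just before it requests a renegotiation itself. */
void server_requests_reneg(conn_flags *c) {
    if (c->state == RENEG_REJECT) c->state = RENEG_ALLOW;
}

/* Body of the info callback; 'where' is the event bitmask.
 * Returns 1 if the connection must be aborted. */
int on_info_event(conn_flags *c, int where) {
    if (where & CB_HANDSHAKE_START) {
        /* INIT = initial handshake, ALLOW = server-initiated: both fine. */
        if (c->state == RENEG_REJECT) c->state = RENEG_ABORT;
    } else if (where & CB_HANDSHAKE_DONE) {
        if (c->state != RENEG_ABORT) c->state = RENEG_REJECT;
    }
    return c->state == RENEG_ABORT;
}

/* Replays a constructed event string: 'S' = server requests renegotiation,
 * 's' = handshake start, 'd' = handshake done. Returns 1 if aborted. */
int replay(const char *events) {
    conn_flags c = { RENEG_INIT };
    int aborted = 0;
    for (; *events; events++) {
        int where = (*events == 's') ? CB_HANDSHAKE_START : CB_HANDSHAKE_DONE;
        if (*events == 'S') server_requests_reneg(&c);
        else aborted |= on_info_event(&c, where);
    }
    return aborted;
}

int main(void) {
    printf("server-initiated renegotiation aborted: %d\n", replay("sdSsd"));
    printf("client-initiated renegotiation aborted: %d\n", replay("sdsd"));
    return 0;
}
```

The check is independent of why the handshake restarted, so it treats every client-initiated renegotiation the same way, not only the client-certificate case.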