Updated version. The variable new_session is now set during a full handshake as before, to avoid breaking applications which access it directly instead using SSL_renegotiate_pending() to determine whether a handshake is in progress.
--- ssl/d1_clnt.c 26 Jan 2010 19:46:29 -0000 1.16.2.15
+++ ssl/d1_clnt.c 26 Aug 2010 13:04:39 -0000
@@ -171,7 +171,7 @@
switch(s->state)
{
case SSL_ST_RENEGOTIATE:
- s->new_session=1;
+ s->renegotiate=1;
s->state=SSL_ST_CONNECT;
s->ctx->stats.sess_connect_renegotiate++;
/* break */
@@ -539,6 +539,7 @@
/* else do it later in ssl3_write */
s->init_num=0;
+ s->renegotiate=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
--- ssl/d1_pkt.c 15 Jun 2010 17:25:13 -0000 1.27.2.25
+++ ssl/d1_pkt.c 26 Aug 2010 13:04:39 -0000
@@ -957,6 +957,7 @@
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
!s->s3->renegotiate)
{
+ s->new_session = 1;
ssl3_renegotiate(s);
if (ssl3_renegotiate_check(s))
{
@@ -1163,6 +1164,7 @@
#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#endif
+ s->renegotiate=1;
s->new_session=1;
}
i=s->handshake_func(s);
--- ssl/d1_srvr.c 1 Feb 2010 16:49:42 -0000 1.20.2.16
+++ ssl/d1_srvr.c 26 Aug 2010 13:04:39 -0000
@@ -177,7 +177,7 @@
switch (s->state)
{
case SSL_ST_RENEGOTIATE:
- s->new_session=1;
+ s->renegotiate=1;
/* s->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
@@ -299,7 +299,7 @@
case SSL3_ST_SW_SRVR_HELLO_A:
case SSL3_ST_SW_SRVR_HELLO_B:
- s->new_session = 2;
+ s->renegotiate = 2;
dtls1_start_timer(s);
ret=dtls1_send_server_hello(s);
if (ret <= 0) goto end;
@@ -620,11 +620,12 @@
s->init_num=0;
- if (s->new_session == 2) /* skipped if we just sent a
HelloRequest */
+ if (s->renegotiate == 2) /* skipped if we just sent a
HelloRequest */
{
/* actually not necessarily a 'new' session
unless
*
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+ s->renegotiate=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
--- ssl/s3_clnt.c 28 Feb 2010 00:24:24 -0000 1.129.2.15
+++ ssl/s3_clnt.c 26 Aug 2010 13:04:39 -0000
@@ -207,7 +207,7 @@
switch(s->state)
{
case SSL_ST_RENEGOTIATE:
- s->new_session=1;
+ s->renegotiate=1;
s->state=SSL_ST_CONNECT;
s->ctx->stats.sess_connect_renegotiate++;
/* break */
@@ -546,6 +546,7 @@
/* else do it later in ssl3_write */
s->init_num=0;
+ s->renegotiate=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
--- ssl/s3_lib.c 16 Oct 2009 15:24:19 -0000 1.126.2.4
+++ ssl/s3_lib.c 26 Aug 2010 13:04:39 -0000
@@ -2226,6 +2226,7 @@
s->packet_length=0;
s->s3->renegotiate=0;
+ s->s3->new_session=0;
s->s3->total_renegotiations=0;
s->s3->num_renegotiations=0;
s->s3->in_read_app_data=0;
--- ssl/s3_pkt.c 27 Jun 2010 14:22:10 -0000 1.72.2.7.2.1
+++ ssl/s3_pkt.c 26 Aug 2010 13:04:39 -0000
@@ -1280,6 +1280,7 @@
#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
#endif
+ s->renegotiate=1;
s->new_session=1;
}
i=s->handshake_func(s);
--- ssl/s3_srvr.c 27 Feb 2010 23:04:10 -0000 1.171.2.21
+++ ssl/s3_srvr.c 26 Aug 2010 13:04:39 -0000
@@ -218,7 +218,7 @@
switch (s->state)
{
case SSL_ST_RENEGOTIATE:
- s->new_session=1;
+ s->renegotiate=1;
/* s->state=SSL_ST_ACCEPT; */
case SSL_ST_BEFORE:
@@ -316,7 +316,7 @@
ret=ssl3_get_client_hello(s);
if (ret <= 0) goto end;
- s->new_session = 2;
+ s->renegotiate = 2;
s->state=SSL3_ST_SW_SRVR_HELLO_A;
s->init_num=0;
break;
@@ -673,11 +673,12 @@
s->init_num=0;
- if (s->new_session == 2) /* skipped if we just sent a
HelloRequest */
+ if (s->renegotiate == 2) /* skipped if we just sent a
HelloRequest */
{
/* actually not necessarily a 'new' session
unless
*
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+ s->renegotiate=0;
s->new_session=0;
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
--- ssl/ssl.h 18 Jul 2010 17:39:46 -0000 1.221.2.24.2.2
+++ ssl/ssl.h 26 Aug 2010 13:04:39 -0000
@@ -1007,12 +1007,14 @@
int server; /* are we the server side? - mostly used by SSL_clear*/
- int new_session;/* 1 if we are to use a new session.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest)
- * NB: For servers, the 'new' session may actually be a
previously
- * cached session or even the previous session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
*/
+ int new_session;/* Generate a new session or reuse an old one.
+ * NB: For servers, the 'new' session
may actually be a previously
+ * cached session or even the previous
session unless
+ *
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+ int renegotiate;/* 1 if we are renegotiating.
+ * 2 if we are a server and are inside
a handshake
+ * (i.e. not just sending a
HelloRequest) */
+
int quiet_shutdown;/* don't send shutdown packets */
int shutdown; /* we have shut things down, 0x01 sent, 0x02
* for received */
@@ -1661,6 +1663,7 @@
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);
--- ssl/ssl_lib.c 27 Jun 2010 14:22:10 -0000 1.176.2.19.2.1
+++ ssl/ssl_lib.c 26 Aug 2010 13:04:39 -0000
@@ -202,9 +202,9 @@
* needed because SSL_clear is not called when doing renegotiation) */
/* This is set if we are doing dynamic renegotiation so keep
* the old cipher. It is sort of a SSL_clear_lite :-) */
- if (s->new_session) return(1);
+ if (s->renegotiate) return(1);
#else
- if (s->new_session)
+ if (s->renegotiate)
{
SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
return 0;
@@ -1008,18 +1008,29 @@
int SSL_renegotiate(SSL *s)
{
- if (s->new_session == 0)
- {
- s->new_session=1;
- }
+ if (s->renegotiate == 0)
+ s->renegotiate=1;
+
+ s->new_session=1;
+
return(s->method->ssl_renegotiate(s));
}
+int SSL_renegotiate_abbreviated(SSL *s)
+{
+ if (s->renegotiate == 0)
+ s->renegotiate=1;
+
+ s->new_session=0;
+
+ return(s->method->ssl_renegotiate(s));
+}
+
int SSL_renegotiate_pending(SSL *s)
{
/* becomes true when negotiation is requested;
* false again once a handshake has finished */
- return (s->new_session != 0);
+ return (s->renegotiate != 0);
}
long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
@@ -2519,6 +2530,7 @@
ret->in_handshake = s->in_handshake;
ret->handshake_func = s->handshake_func;
ret->server = s->server;
+ ret->renegotiate = s->renegotiate;
ret->new_session = s->new_session;
ret->quiet_shutdown = s->quiet_shutdown;
ret->shutdown=s->shutdown;
abbreviated-renegotiation.patch
Description: Binary data
