Skip to content

Commit 6e80f6d

Browse files
shigekitargos
authored andcommitted
tls: workaround handshakedone in renegotiation
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. PR-URL: #25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: #25688
1 parent c34c569 commit 6e80f6d

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

src/tls_wrap.cc

+4-1
Original file line numberDiff line numberDiff line change
@@ -221,7 +221,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {
221221
}
222222
}
223223

224-
if (where & SSL_CB_HANDSHAKE_DONE) {
224+
// SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called
225+
// sending HelloRequest in OpenSSL-1.1.1.
226+
// We need to check whether this is in a renegotiation state or not.
227+
if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) {
225228
Local<Value> callback;
226229

227230
c->established_ = true;

0 commit comments

Comments
 (0)