tls: workaround handshakedone in renegotiation

shigeki · targos · commit 6e80f6d9a16d · 2019-01-28T20:41:01.000+01:00
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. PR-URL: #25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: #25688
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
@@ -221,7 +221,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {
     }
   }
 
-  if (where & SSL_CB_HANDSHAKE_DONE) {
+  // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called
+  // sending HelloRequest in OpenSSL-1.1.1.
+  // We need to check whether this is in a renegotiation state or not.
+  if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) {
     Local<Value> callback;
 
     c->established_ = true;

Original file line number	Diff line number	Diff line change
`@@ -221,7 +221,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {`
`221`	`221`	`}`
`222`	`222`	`}`
`223`	`223`
`224`		`- if (where & SSL_CB_HANDSHAKE_DONE) {`
	`224`	`+ // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called`
	`225`	`+ // sending HelloRequest in OpenSSL-1.1.1.`
	`226`	`+ // We need to check whether this is in a renegotiation state or not.`
	`227`	`+ if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) {`
`225`	`228`	`Local<Value> callback;`
`226`	`229`
`227`	`230`	`c->established_ = true;`