{
session_t *app_session;
+ /* Failed to renegotiate handshake */
+ if (ctx->flags & TLS_CONN_F_HS_DONE)
+ {
+ tls_notify_app_io_error (ctx);
+ tls_disconnect_transport (ctx);
+ return;
+ }
+
if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
{
/*
if (SSL_in_init (oc->ssl))
return -1;
+ /* Renegotiated handshake, app must not be notified */
+ if (PREDICT_FALSE (ctx->flags & TLS_CONN_F_HS_DONE))
+ return 0;
+
/*
* Handshake complete
*/
return -1;
}
}
-
+ ctx->flags |= TLS_CONN_F_HS_DONE;
TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s",
oc->openssl_ctx_index, SSL_get_cipher (oc->ssl));
return rv;
_ (APP_CLOSED, "app-closed") \
_ (MIGRATED, "migrated") \
_ (NO_APP_SESSION, "no-app-session") \
- _ (RESUME, "resume")
+ _ (RESUME, "resume") \
+ _ (HS_DONE, "handshake-done")
typedef enum tls_conn_flags_bit_
{