Add ssl_renegotiate_ignore.
This option causes clients to ignore HelloRequest messages completely.
This can be suitable in cases where a server tries to perform concurrent
application data and handshake flow, e.g. because it is trying to
“renew” symmetric keys.
Change-Id: I2779f7eff30d82163f2c34a625ec91dc34fab548
Reviewed-on: https://boringssl-review.googlesource.com/6431
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index c50b315..7416d0e 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -346,6 +346,8 @@
return ssl->s3->total_renegotiations == 0;
case ssl_renegotiate_freely:
return 1;
+ case ssl_renegotiate_ignore:
+ return 1;
}
assert(0);
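Review bot: The new `ssl_renegotiate_ignore` case answers "renegotiation allowed" with no comment, and the reason it must do so only appears in the second hunk of this file, where ignore mode jumps back to `start` before any renegotiation handling runs; a reader of this switch alone would assume ignore and freely behave identically. I would add above the new case `/* HelloRequests are dropped before the renegotiation path runs (see the ssl_renegotiate_ignore check in the read loop); answer "allowed" so the rejection path is never taken. */` — phrased as an assumption, since the code that consumes this return value is outside the hunk. Folding the two cases together (`case ssl_renegotiate_freely: case ssl_renegotiate_ignore: return 1;`) would remove the duplicated `return 1;` but lose the place for that explanation, so separate cases with a comment seem the better trade. The enclosing function starts and ends outside the hunk, and the public header declaring the new enum value is not part of this diff, so its documentation there cannot be checked here.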
@@ -567,6 +569,10 @@
goto err;
}
+ if (s->renegotiate_mode == ssl_renegotiate_ignore) {
+ goto start;
+ }
+
/* Renegotiation is only supported at quiescent points in the application
* protocol, namely in HTTPS, just before reading the HTTP response. Require
* the record-layer be idle and avoid complexities of sending a handshake