commit | f605821c91b1a653aa0d872ff95580f5eb245c31 | [log] [tgz] |
---|---|---|
author | Maxim Dounin <mdounin@mdounin.ru> | Tue Mar 05 16:34:19 2019 +0300 |
committer | Maxim Dounin <mdounin@mdounin.ru> | Tue Mar 05 16:34:19 2019 +0300 |
tree | aeb76719875f586c250d1d44e2fed066a99e988a | |
parent | 1e1de5c92be3726da5c416179beb1f551c8fd32e [diff] |
SSL: moved c->ssl->handshaked check in server name callback. Server name callback is always called by OpenSSL, even if server_name extension is not present in ClientHello. As such, checking c->ssl->handshaked before the SSL_get_servername() result should help to more effectively prevent renegotiation in OpenSSL 1.1.0 - 1.1.0g, where neither SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS nor SSL_OP_NO_RENEGOTIATION is available.