From 60a6da1c145dbfb95e403d9316b77d7956615c87 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 20 Nov 2017 16:15:06 -0800
Subject: [PATCH] Adds new option to enable secure-renegotiation by default
 (used by IIS for client authentication).
 `WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT`.

---
 src/internal.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index d8e49b906..d33dbf744 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4444,6 +4444,15 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     }
 #endif
 
+#ifdef HAVE_SECURE_RENEGOTIATION
+    /* use secure renegotiation by default (not recommend) */
+    #ifdef WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
+        ret = wolfSSL_UseSecureRenegotiation(ssl);
+        if (ret != WOLFSSL_SUCCESS)
+            return ret;
+    #endif
+#endif
+
     return 0;
 }