diff --git a/src/ssl.c b/src/ssl.c
index 1145f51e2..4d5e548f0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11853,7 +11853,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif
 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
- if (ssl->ConnectFilter) {
+ if ((ssl->ConnectFilter != NULL) &&
+ (ssl->options.connectState == CONNECT_BEGIN)) {
 wolfSSL_netfilter_decision_t res;
 if ((ssl->ConnectFilter(ssl, ssl->ConnectFilter_arg, &res) == WOLFSSL_SUCCESS) &&
@@ -12324,7 +12325,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 WOLFSSL_ENTER("SSL_accept()");
 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
- if (ssl->AcceptFilter) {
+ if ((ssl->AcceptFilter != NULL) &&
+ ((ssl->options.acceptState == ACCEPT_BEGIN)
+#ifdef HAVE_SECURE_RENEGOTIATION
+ || (ssl->options.acceptState == ACCEPT_BEGIN_RENEG)
+#endif
+ ))
+ {
 wolfSSL_netfilter_decision_t res;
 if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) == WOLFSSL_SUCCESS) &&
diff --git a/src/tls13.c b/src/tls13.c
index 4c6592835..0632b0103 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -9746,7 +9746,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 }
 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
- if (ssl->ConnectFilter) {
+ if ((ssl->ConnectFilter != NULL) &&
+ (ssl->options.connectState == CONNECT_BEGIN))
+ {
 wolfSSL_netfilter_decision_t res;
 if ((ssl->ConnectFilter(ssl, ssl->ConnectFilter_arg, &res) == WOLFSSL_SUCCESS) &&
@@ -10781,7 +10783,13 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 }
 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
- if (ssl->AcceptFilter) {
+ if ((ssl->AcceptFilter != NULL) &&
+ ((ssl->options.acceptState == TLS13_ACCEPT_BEGIN)
+#ifdef HAVE_SECURE_RENEGOTIATION
+ || (ssl->options.acceptState == TLS13_ACCEPT_BEGIN_RENEG)
+#endif
+ ))
+ {
 wolfSSL_netfilter_decision_t res;
 if ((ssl->ConnectFilter(ssl, ssl->ConnectFilter_arg, &res) == WOLFSSL_SUCCESS) &&
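Review bot: A ConnectFilter callback that returns an error appears to be treated the same as an accept by the condition that follows the new gate, and with the gate in place the filter is not consulted again when the handshake is re-entered. This is inferred from the `== WOLFSSL_SUCCESS) &&` context lines; the rest of that `if` and its body lie outside the hunk. If it holds, consider failing the handshake when the callback does not return `WOLFSSL_SUCCESS`, or at least record the choice next to the gate, e.g. `/* filter errors are treated as accept; the filter is consulted once per handshake */`. The same pattern appears in the SSL_accept hunk below and in both tls13.c hunks.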
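Review bot: The `#ifdef HAVE_SECURE_RENEGOTIATION` spliced into the middle of the `if` condition has no comment saying why the accept filter is re-run at `ACCEPT_BEGIN_RENEG` while the connect side is gated on `CONNECT_BEGIN` alone. From the hunk a reader cannot tell whether a renegotiation on the client side returns to `CONNECT_BEGIN` or skips the filter, so the asymmetry should be stated. If the intent is what it looks like, I would add above the condition `/* Consult the filter on first entry of each handshake, including a renegotiation; skip it on non-blocking re-entry. */`. The wolfSSL_accept_TLSv13 hunk repeats the construct with `TLS13_ACCEPT_BEGIN_RENEG` and needs the same comment.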
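Review bot: Gating on `connectState == CONNECT_BEGIN` does not by itself guarantee a single ConnectFilter call per handshake. If wolfSSL_connect_TLSv13 can return with the state still at `CONNECT_BEGIN` (for example when the first flight could not be written yet, which is not visible in this hunk), the next call runs the filter again. A callback that keeps counters or other per-connection state should be told so in its contract, e.g. `/* may be called again if the handshake is re-entered before leaving CONNECT_BEGIN */`. The same question applies to the other three gates in this commit.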