Merge pull request #3596 from julek-wolfssl/dtls-multiple-hellorequest

Calling wolfSSL_Rehandshake during renegotiation should not be an error
2020-12-31 13:53:32 -08:00
parent fbb3e9fca3 54479359f3
commit ef56bc09f1
1 changed files with 13 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2671,8 +2671,19 @@ static int _Rehandshake(WOLFSSL* ssl)
        ssl->options.acceptState != ACCEPT_FIRST_REPLY_DONE) {

        if (ssl->options.handShakeState != HANDSHAKE_DONE) {
-            WOLFSSL_MSG("Can't renegotiate until previous handshake complete");
-            return SECURE_RENEGOTIATION_E;
+            if (!ssl->options.handShakeDone) {
+                WOLFSSL_MSG("Can't renegotiate until initial "
+                            "handshake complete");
+                return SECURE_RENEGOTIATION_E;
+            }
+            else {
+                WOLFSSL_MSG("Renegotiation already started. "
+                            "Moving it forward.");
+                ret = wolfSSL_negotiate(ssl);
+                if (ret == WOLFSSL_SUCCESS)
+                    ssl->secure_rene_count++;
+                return ret;
+            }
        }

 #ifndef NO_FORCE_SCR_SAME_SUITE