From 1a2fcb8607efe480b88269696eceb65f90abc695 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 8 Jun 2026 19:22:42 +0000 Subject: [PATCH] F-4144: propagate SendAlert result in DoHelloRequest no-reneg trace In the WOLFSSL_OP_NO_RENEGOTIATION refusal path, WOLFSSL_LEAVE logged a hard-coded 0 while the function actually returned SendAlert()'s result. Capture the return value first so the trace reflects reality (e.g. when SendAlert fails due to write backpressure) and return it. --- src/internal.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index 221ab40a94..e44cc41678 100644 --- a/src/internal.c +++ b/src/internal.c @@ -18055,10 +18055,12 @@ static int DoHelloRequest(WOLFSSL* ssl, word32 size) * peer-initiated renegotiation. Respond with a no_renegotiation * warning alert instead of starting a secure renegotiation. */ if (ssl->options.mask & WOLFSSL_OP_NO_RENEGOTIATION) { + int ret; WOLFSSL_MSG("Rejecting HelloRequest: WOLFSSL_OP_NO_RENEGOTIATION"); - WOLFSSL_LEAVE("DoHelloRequest", 0); + ret = SendAlert(ssl, alert_warning, no_renegotiation); + WOLFSSL_LEAVE("DoHelloRequest", ret); WOLFSSL_END(WC_FUNC_HELLO_REQUEST_DO); - return SendAlert(ssl, alert_warning, no_renegotiation); + return ret; } ssl->secure_renegotiation->startScr = 1; WOLFSSL_LEAVE("DoHelloRequest", 0);