Import OpenSSL 0.9.8l
[dragonfly.git] / crypto / openssl / ssl / s3_pkt.c
index 9476dcd..b98b840 100644 (file)
@@ -985,6 +985,7 @@ start:
 
                if (SSL_is_init_finished(s) &&
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+                       (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) &&
                        !s->s3->renegotiate)
                        {
                        ssl3_renegotiate(s);
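Review bot: The added test on `SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION` in the condition guarding `ssl3_renegotiate(s)` carries no comment, so a reader cannot tell that renegotiation is now refused unless the application explicitly opts in. I would add above the `if`: `/* Renegotiation is refused unless the application has set SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION. */`. The same test is added in the second hunk (the `handshake_fragment_len >= 4` branch) and wants the same comment. The code that runs when the test fails lies outside this hunk, as do the start and end of the enclosing function. It is worth confirming there that the peer is sent a no_renegotiation warning alert rather than having its request silently dropped, which could leave it waiting on a handshake that never starts.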
@@ -1117,7 +1118,8 @@ start:
        if ((s->s3->handshake_fragment_len >= 4) &&     !s->in_handshake)
                {
                if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-                       !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+                       !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+                       (s->s3->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
                        {
 #if 0 /* worked only because C operator preferences are not as expected (and
        * because this is not really needed for clients except for detecting