Add code for testing server-initiated renegotiation
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7d81fc9..66ba58a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -335,6 +335,30 @@
}
#endif /* POLARSSL_SSL_SESSION_TICKETS */
+/*
+ * Write HelloRequest to request renegotiation
+ */
+int ssl_write_hello_request( ssl_context *ssl )
+{
+ int ret;
+
+ SSL_DEBUG_MSG( 2, ( "=> write hello request" ) );
+
+ ssl->out_msglen = 4;
+ ssl->out_msgtype = SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = SSL_HS_HELLO_REQUEST;
+
+ if( ( ret = ssl_write_record( ssl ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_write_record", ret );
+ return( ret );
+ }
+
+ SSL_DEBUG_MSG( 2, ( "<= write hello request" ) );
+
+ return( 0 );
+}
+
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
/*
* Wrapper around f_sni, allowing use of ssl_set_own_cert() but
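Review bot: ssl_write_hello_request() overwrites ssl->out_msglen, ssl->out_msgtype and ssl->out_msg[0] unconditionally and sends the record, with no check of its own that a HelloRequest is valid at this point. Its caller is outside this hunk, so it cannot be confirmed from here that the initial handshake has completed and that renegotiation is permitted by the configured policy before this runs. Since the function is non-static, the header comment should state the precondition, for example `/* Caller must ensure the initial handshake is over and renegotiation is allowed */`. It would also help to note that only out_msg[0] is set here and that the three length bytes are presumably filled in by ssl_write_record().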
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b8bc188..e636f9d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1930,7 +1930,8 @@
ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
- ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
+ if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )
+ ssl->handshake->update_checksum( ssl, ssl->out_msg, len );
}
#if defined(POLARSSL_ZLIB_SUPPORT)
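Review bot: The new `if( ssl->out_msg[0] != SSL_HS_HELLO_REQUEST )` guard has no comment saying why HelloRequest is skipped, and its unbraced body is easy to break in a later edit. I would add braces and a comment such as `/* HelloRequest is not included in the handshake hashes (RFC 5246, 7.4.1.1) */`. If ssl->handshake can be NULL when a HelloRequest is sent on an established connection (not visible in this hunk), this guard is also the only thing preventing a NULL dereference, and the comment should say so. The enclosing block starts outside the hunk, so the guard's reliance on the message being a handshake record cannot be checked from here.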