tls: allow secure TLS renegotiation (#1121)

baresip · May 16, 2024 · 14c981e · 14c981e
1 parent c1e09de
commit 14c981e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/tls/openssl/tls_tcp.c b/src/tls/openssl/tls_tcp.c
@@ -230,7 +230,7 @@ static bool recv_handler(int *err, struct mbuf *mb, bool *estab, void *arg)
 
 	if (SSL_state(tc->ssl) != SSL_ST_OK) {
 
-		if (tc->up) {
+		if (tc->up && !SSL_get_secure_renegotiation_support(tc->ssl)) {
 			*err = EPROTO;
 			return true;
 		}

diff --git a/src/tls/openssl/tls_udp.c b/src/tls/openssl/tls_udp.c
@@ -353,7 +353,7 @@ static void conn_recv(struct tls_conn *tc, struct mbuf *mb)
 
 	if (SSL_state(tc->ssl) != SSL_ST_OK) {
 
-		if (tc->up) {
+		if (tc->up && !SSL_get_secure_renegotiation_support(tc->ssl)) {
 			conn_close(tc, EPROTO);
 			return;
 		}