tls: workaround handshakedone in renegotiation

shigeki · sam-github · commit 6be596d09fd7 · 2019-02-28T13:33:13.000-08:00
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not. PR-URL: nodejs#25381 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org> Backport-PR-URL: nodejs#25688
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
@@ -221,7 +221,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {
     }
   }
 
-  if (where & SSL_CB_HANDSHAKE_DONE) {
+  // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called
+  // sending HelloRequest in OpenSSL-1.1.1.
+  // We need to check whether this is in a renegotiation state or not.
+  if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) {
     c->established_ = true;
     Local<Value> callback = object->Get(env->onhandshakedone_string());
     if (callback->IsFunction()) {

Original file line number	Diff line number	Diff line change
`@@ -221,7 +221,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {`
`221`	`221`	`}`
`222`	`222`	`}`
`223`	`223`
`224`		`- if (where & SSL_CB_HANDSHAKE_DONE) {`
	`224`	`+ // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called`
	`225`	`+ // sending HelloRequest in OpenSSL-1.1.1.`
	`226`	`+ // We need to check whether this is in a renegotiation state or not.`
	`227`	`+ if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) {`
`225`	`228`	`c->established_ = true;`
`226`	`229`	`Local<Value> callback = object->Get(env->onhandshakedone_string());`
`227`	`230`	`if (callback->IsFunction()) {`