--- ssl/d1_clnt.c 2009-07-15 13:32:57.000000000 +0200 +++ ssl/d1_clnt.c 2009-07-23 12:43:27.000000000 +0200 @@ -172,7 +172,7 @@ switch(s->state) { case SSL_ST_RENEGOTIATE: - s->new_session=1; + s->renegotiate=1; s->state=SSL_ST_CONNECT; s->ctx->stats.sess_connect_renegotiate++; /* break */ @@ -488,7 +488,7 @@ /* else do it later in ssl3_write */ s->init_num=0; - s->new_session=0; + s->renegotiate=0; ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); if (s->hit) s->ctx->stats.sess_hit++; --- ssl/d1_pkt.c 2009-07-13 13:44:04.000000000 +0200 +++ ssl/d1_pkt.c 2009-07-23 12:43:53.000000000 +0200 @@ -960,6 +960,7 @@ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && !s->s3->renegotiate) { + s->new_session = 1; ssl3_renegotiate(s); if (ssl3_renegotiate_check(s)) { @@ -1166,7 +1167,7 @@ #else s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; #endif - s->new_session=1; + s->renegotiate=1; } i=s->handshake_func(s); if (i < 0) return(i); --- ssl/d1_srvr.c 2009-06-05 16:46:49.000000000 +0200 +++ ssl/d1_srvr.c 2009-07-23 12:43:27.000000000 +0200 @@ -178,7 +178,7 @@ switch (s->state) { case SSL_ST_RENEGOTIATE: - s->new_session=1; + s->renegotiate=1; /* s->state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: @@ -271,7 +271,7 @@ ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; dtls1_stop_timer(s); - s->new_session = 2; + s->renegotiate = 2; if (s->d1->send_cookie) s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A; @@ -574,12 +574,12 @@ s->init_num=0; - if (s->new_session == 2) /* skipped if we just sent a HelloRequest */ + if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ { /* actually not necessarily a 'new' session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - s->new_session=0; + s->renegotiate=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); --- ssl/s3_clnt.c 2009-06-16 18:39:20.000000000 +0200 +++ ssl/s3_clnt.c 2009-07-23 12:43:27.000000000 +0200 
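Review bot: `s->new_session` is never cleared on handshake completion: the d1_clnt.c hunk at -488 resets only `s->renegotiate=0;` before `ssl_update_cache()`, while SSL_renegotiate() in ssl_lib.c and the HelloRequest branch in d1_pkt.c now set `new_session=1`. The same gap is in s3_clnt.c -553, d1_srvr.c -574 and s3_srvr.c -653. A stale value carries into the next handshake on the connection, so a later renegotiation could take the full or the abbreviated path because of an old request rather than the current one; add `s->new_session=0;` next to each `s->renegotiate=0;`. The state-machine functions start and end outside these hunks, so confirm that no other path already resets the field.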
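Review bot: The added `s->new_session = 1;` in the HelloRequest branch of d1_pkt.c (-960) has no counterpart in s3_pkt.c, whose only hunk is the rename at -1228, so DTLS and TLS clients would answer a server's HelloRequest differently if the TLS branch (not in this diff) stays as it was. The flag is also assigned before `ssl3_renegotiate(s)` and `ssl3_renegotiate_check(s)` run, so it stays set even when the check declines to start a handshake. If the intent is that a peer-requested renegotiation must not resume, say so in a comment such as `/* peer asked to renegotiate: do a full handshake, do not resume */`, apply the same assignment in the TLS path, and consider moving it inside the `if (ssl3_renegotiate_check(s))` block. The enclosing function extends beyond the hunk.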
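Review bot: After the rename at d1_pkt.c -1166, a renegotiation started by the peer sets only `s->renegotiate=1;` and leaves `s->new_session` at whatever value it last had; s3_pkt.c -1228 has the same change. The ssl.h comment in this patch still ties `new_session` to SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, so if the server's ClientHello handling (outside this diff) tests `new_session` for that option, a client-initiated renegotiation could resume the old session even though the option is set. Unless that check is switched to `renegotiate`, keep the previous behaviour by adding `s->new_session=1;` after `s->renegotiate=1;` in both files.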
@@ -211,7 +211,7 @@ switch(s->state) { case SSL_ST_RENEGOTIATE: - s->new_session=1; + s->renegotiate=1; s->state=SSL_ST_CONNECT; s->ctx->stats.sess_connect_renegotiate++; /* break */ @@ -553,7 +553,7 @@ /* else do it later in ssl3_write */ s->init_num=0; - s->new_session=0; + s->renegotiate=0; ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); if (s->hit) s->ctx->stats.sess_hit++; --- ssl/s3_pkt.c 2009-07-14 17:28:44.000000000 +0200 +++ ssl/s3_pkt.c 2009-07-23 12:43:27.000000000 +0200 @@ -1228,7 +1228,7 @@ #else s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; #endif - s->new_session=1; + s->renegotiate=1; } i=s->handshake_func(s); if (i < 0) return(i); --- ssl/s3_srvr.c 2009-06-26 17:04:22.000000000 +0200 +++ ssl/s3_srvr.c 2009-07-23 12:43:27.000000000 +0200 @@ -219,7 +219,7 @@ switch (s->state) { case SSL_ST_RENEGOTIATE: - s->new_session=1; + s->renegotiate=1; /* s->state=SSL_ST_ACCEPT; */ case SSL_ST_BEFORE: @@ -305,7 +305,7 @@ ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; - s->new_session = 2; + s->renegotiate = 2; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; break; @@ -653,12 +653,12 @@ s->init_num=0; - if (s->new_session == 2) /* skipped if we just sent a HelloRequest */ + if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */ { /* actually not necessarily a 'new' session unless * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - s->new_session=0; + s->renegotiate=0; ssl_update_cache(s,SSL_SESS_CACHE_SERVER); --- ssl/ssl.h 2009-07-15 13:32:57.000000000 +0200 +++ ssl/ssl.h 2009-07-23 12:43:27.000000000 +0200 
@@ -991,12 +991,14 @@ int server; /* are we the server side? - mostly used by SSL_clear*/ - int new_session;/* 1 if we are to use a new session. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) - * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ + int renegotiate;/* 1 if we are renegotiating. + * 2 if we are a server and are inside a handshake + * (i.e. not just sending a HelloRequest) */ + int new_session;/* Generate a new session or reuse an old one. + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session unless + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ + int quiet_shutdown;/* don't send shutdown packets */ int shutdown; /* we have shut things down, 0x01 sent, 0x02 * for received */ @@ -1626,6 +1628,7 @@ int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); int SSL_renegotiate_pending(SSL *s); int SSL_shutdown(SSL *s); --- ssl/ssl_lib.c 2009-06-30 13:57:24.000000000 +0200 +++ ssl/ssl_lib.c 2009-07-23 12:43:27.000000000 +0200 @@ -202,9 +202,9 @@ * needed because SSL_clear is not called when doing renegotiation) */ /* This is set if we are doing dynamic renegotiation so keep * the old cipher. It is sort of a SSL_clear_lite :-) */ - if (s->new_session) return(1); + if (s->renegotiate) return(1); #else - if (s->new_session) + if (s->renegotiate) { SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); return 0; 
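Review bot: The new comment on `new_session` in ssl.h (-991), `Generate a new session or reuse an old one.`, does not say which value selects which behaviour, and the field changes meaning for any code that read it to detect a pending renegotiation. Going by ssl_lib.c, 1 is set by SSL_renegotiate() and 0 by SSL_renegotiate_abbreviated(), so the comment could read `/* 1: renegotiation must create a new session (full handshake); 0: the current session may be reused */`. Inserting `renegotiate` ahead of `new_session` also shifts the offset of every later member, which matters to applications built against the old header that access these fields directly; appending the field at the end of the structure, or recording the break in the change notes, would avoid that. The structure definition starts and ends outside the hunk.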
@@ -1007,18 +1007,29 @@ int SSL_renegotiate(SSL *s) { - if (s->new_session == 0) - { - s->new_session=1; - } + if (s->renegotiate == 0) + s->renegotiate=1; + + s->new_session=1; + return(s->method->ssl_renegotiate(s)); } +int SSL_renegotiate_abbreviated(SSL *s) +{ + if (s->renegotiate == 0) + s->renegotiate=1; + + s->new_session=0; + + return(s->method->ssl_renegotiate(s)); +} + int SSL_renegotiate_pending(SSL *s) { /* becomes true when negotiation is requested; * false again once a handshake has finished */ - return (s->new_session != 0); + return (s->renegotiate != 0); } long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) @@ -2473,6 +2484,7 @@ ret->in_handshake = s->in_handshake; ret->handshake_func = s->handshake_func; ret->server = s->server; + ret->renegotiate = s->renegotiate; ret->new_session = s->new_session; ret->quiet_shutdown = s->quiet_shutdown; ret->shutdown=s->shutdown;
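Review bot: SSL_renegotiate_abbreviated() writes `s->new_session=0;` unconditionally, so calling it while a full renegotiation requested through SSL_renegotiate() is still pending (`s->renegotiate != 0`) quietly downgrades that request to one that may reuse the session. Both functions also leave the flags set if `s->method->ssl_renegotiate(s)` reports failure; what it returns is not visible here. Change `new_session` only when the request is newly accepted, e.g. `if (s->renegotiate == 0) { s->renegotiate=1; s->new_session=0; }`, and consider returning an error when a renegotiation of the other kind is already pending. The new public function also needs a comment stating that it requests a renegotiation that may resume the current session, in contrast to SSL_renegotiate().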