From: Shigeki Ohtsu <ohtsu@ohtsu.org>
Date: Wed, 12 Sep 2018 08:34:24 +0000 (+0900)
Subject: tls: workaround handshakedone in renegotiation
X-Git-Tag: archive/raspbian/10.15.2_dfsg-1+rpi1~1^2~9
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=128c3eb0e7780a73854705b038613af7aca1aabb;p=nodejs.git

tls: workaround handshakedone in renegotiation

`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called
sending HelloRequest in OpenSSL-1.1.1.
We need to check whether this is in a renegotiation state or not.

Gbp-Pq: Topic ssl
Gbp-Pq: Name 8ceb260cc3e06a1ec43df9dbc63a3eb341b4559e.patch
---

diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index b5eff3835..0ec66fc46 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -221,7 +221,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) {
     }
   }
 
-  if (where & SSL_CB_HANDSHAKE_DONE) {
+  // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called
+  // sending HelloRequest in OpenSSL-1.1.1.
+  // We need to check whether this is in a renegotiation state or not.
+  if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) {
     c->established_ = true;
     Local<Value> callback = object->Get(env->onhandshakedone_string());
     if (callback->IsFunction()) {