Add SSL_set_renegotiate_mode. Add a slightly richer API. Notably, one can configure ssl_renegotiate_once to only accept the first renego. Also, this API doesn't repeat the mistake I made with SSL_set_reject_peer_renegotiations which is super-confusing with the negation. Change-Id: I7eb5d534e3e6c553b641793f4677fe5a56451c71 Reviewed-on: https://boringssl-review.googlesource.com/6221 Reviewed-by: Adam Langley <agl@google.com>

commit: 1d5ef3bb1eb97848617db5e7d633d735a401df86 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Mon Oct 12 19:54:18 2015 -0400
committer: Adam Langley <agl@google.com> Tue Oct 13 18:02:28 2015 +0000
tree: fe32b72aca781196fb0e037437c5846c25b9ce4e
parent: 324dce4fd70ee84dc279c43c6ae29e672ea26e31 [diff] [blame]
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 66867ba..355195e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -2699,8 +2699,13 @@
   ctx->dos_protection_cb = cb;
 }
 
-void SSL_set_reject_peer_renegotiations(SSL *s, int reject) {
-  s->accept_peer_renegotiations = !reject;
+void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
+  ssl->renegotiate_mode = mode;
+}
+
+void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject) {
+  SSL_set_renegotiate_mode(
+      ssl, reject ? ssl_renegotiate_never : ssl_renegotiate_freely);
 }
 
 int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key,
commit	1d5ef3bb1eb97848617db5e7d633d735a401df86	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Mon Oct 12 19:54:18 2015 -0400
committer	Adam Langley <agl@google.com>	Tue Oct 13 18:02:28 2015 +0000
tree	fe32b72aca781196fb0e037437c5846c25b9ce4e
parent	324dce4fd70ee84dc279c43c6ae29e672ea26e31 [diff] [blame]