diff options
author | Jeremy Rose <nornagon@nornagon.net> | 2020-08-18 20:05:43 +0300 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2020-08-23 00:47:55 +0300 |
commit | 8e8d429277a8bbf40bca53ba8dd4edef4e7e4871 (patch) | |
tree | 413112f4f636049170c0bd225aed925d7ccfd305 /src | |
parent | f5102fbcf4d959629413e7b8ddb37275286a50d8 (diff) |
tls: enable renegotiation when using BoringSSL
PR-URL: https://github.com/nodejs/node/pull/34832
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/tls_wrap.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc index 04c035a1e8f..91faeafb62b 100644 --- a/src/tls_wrap.cc +++ b/src/tls_wrap.cc @@ -131,6 +131,12 @@ void TLSWrap::InitSSL() { // - https://wiki.openssl.org/index.php/TLS1.3#Non-application_data_records SSL_set_mode(ssl_.get(), SSL_MODE_AUTO_RETRY); +#ifdef OPENSSL_IS_BORINGSSL + // OpenSSL allows renegotiation by default, but BoringSSL disables it. + // Configure BoringSSL to match OpenSSL's behavior. + SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely); +#endif + SSL_set_app_data(ssl_.get(), this); // Using InfoCallback isn't how we are supposed to check handshake progress: // https://github.com/openssl/openssl/issues/7199#issuecomment-420915993 |