Revert "Set renegotiation callbacks immediately on tls inititation"

This reverts commit e27a26d568a257cf350814a9abfa47d3b41ad9f3.

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 18f26847078d99a80ec5fae8589a2b945977e4de..a6947c87d8a850f18de622bacec009fa9b20d5e6 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1573,6 +1573,7 @@ tor_tls_set_renegotiate_callbacks(tor_tls_t *tls,
   tls->excess_renegotiations_callback = cb2;
   tls->callback_arg = arg;
   tls->got_renegotiate = 0;
+  SSL_set_info_callback(tls->ssl, tor_tls_state_changed_callback);
 }
 
 /** If this version of openssl requires it, turn on renegotiation on
@@ -1776,6 +1777,7 @@ tor_tls_finish_handshake(tor_tls_t *tls)
 {
   int r = TOR_TLS_DONE;
   if (tls->isServer) {
+    SSL_set_info_callback(tls->ssl, NULL);
     SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
     /* There doesn't seem to be a clear OpenSSL API to clear mode flags. */
     tls->ssl->mode &= ~SSL_MODE_NO_AUTO_CHAIN;

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index b865e136648e523193a868d76869daffe76fc182..6082be412163451d2cf584a9b994dbc2d7711ae5 100644 (file)
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -42,7 +42,6 @@ static int connection_or_check_valid_tls_handshake(or_connection_t *conn,
                                                    char *digest_rcvd_out);
 
 static void connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn);
-static void connection_or_close_connection_cb(void *_conn);
 
 #ifdef USE_BUFFEREVENTS
 static void connection_or_handle_event_cb(struct bufferevent *bufev,
@@ -1103,16 +1102,12 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
   conn->_base.state = OR_CONN_STATE_TLS_HANDSHAKING;
   tor_assert(!conn->tls);
   conn->tls = tor_tls_new(conn->_base.s, receiving);
+  tor_tls_set_logged_address(conn->tls, // XXX client and relay?
+      escaped_safe_str(conn->_base.address));
   if (!conn->tls) {
     log_warn(LD_BUG,"tor_tls_new failed. Closing.");
     return -1;
   }
-  tor_tls_set_logged_address(conn->tls, // XXX client and relay?
-      escaped_safe_str(conn->_base.address));
-  tor_tls_set_renegotiate_callbacks(conn->tls,
-                                    connection_or_tls_renegotiated_cb,
-                                    connection_or_close_connection_cb,
-                                    conn);
 #ifdef USE_BUFFEREVENTS
   if (connection_type_uses_bufferevent(TO_CONN(conn))) {
     const int filtering = get_options()->_UseFilteringSSLBufferevents;
@@ -1238,6 +1233,10 @@ connection_tls_continue_handshake(or_connection_t *conn)
           /* v2/v3 handshake, but not a client. */
           log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
                            "Expecting renegotiation or VERSIONS cell");
+          tor_tls_set_renegotiate_callbacks(conn->tls,
+                                           connection_or_tls_renegotiated_cb,
+                                           connection_or_close_connection_cb,
+                                           conn);
           conn->_base.state = OR_CONN_STATE_TLS_SERVER_RENEGOTIATING;
           connection_stop_writing(TO_CONN(conn));
           connection_start_reading(TO_CONN(conn));
@@ -1298,6 +1297,10 @@ connection_or_handle_event_cb(struct bufferevent *bufev, short event,
       } else if (tor_tls_get_num_server_handshakes(conn->tls) == 1) {
         /* v2 or v3 handshake, as a server. Only got one handshake, so
          * wait for the next one. */
+        tor_tls_set_renegotiate_callbacks(conn->tls,
+                                         connection_or_tls_renegotiated_cb,
+                                         connection_or_close_connection_cb,
+                                         conn);
         conn->_base.state = OR_CONN_STATE_TLS_SERVER_RENEGOTIATING;
         /* return 0; */
         return; /* ???? */