Swap branches accepting/refusing renegotiation in ssl_read
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 54867da..c722966 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4770,10 +4770,20 @@
}
#endif
- if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
- ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation ==
- SSL_LEGACY_NO_RENEGOTIATION ) )
+ if( ! ( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
+ ( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
+ ssl->allow_legacy_renegotiation ==
+ SSL_LEGACY_NO_RENEGOTIATION ) ) )
+ {
+ ret = ssl_start_renegotiation( ssl );
+ if( ret != POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
+ ret != 0 )
+ {
+ SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
+ return( ret );
+ }
+ }
+ else
{
SSL_DEBUG_MSG( 3, ( "ignoring renegotiation, sending alert" ) );
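Review bot: The added `if( ! ( ... ) )` expresses the accept condition as the old refusal test wrapped in a negation, which makes the renegotiation policy hard to audit at the point where the decision is taken. This branch decides whether a peer-requested renegotiation proceeds, so a reader should be able to confirm quickly that a legacy (non-secure) peer is still refused when `allow_legacy_renegotiation` is `SSL_LEGACY_NO_RENEGOTIATION`. I would add a comment above the condition such as `/* Accept only if renegotiation is enabled and the peer is not a legacy one we are configured to refuse */`, or apply De Morgan so each clause reads positively. The enclosing function starts before this hunk and the refusal branch continues past its last line, so this covers only the visible condition.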
@@ -4807,16 +4817,6 @@
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
}
- else
- {
- ret = ssl_start_renegotiation( ssl );
- if( ret != POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
- ret != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
- return( ret );
- }
- }
return( POLARSSL_ERR_NET_WANT_READ );
}