- if (server) {
- if (st->state != MSG_FLOW_RENEGOTIATE) {
- s->ctx->stats.sess_accept++;
- } else if (!s->s3->send_connection_binding &&
- !(s->options &
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
- /*
- * Server attempting to renegotiate with client that doesn't
- * support secure renegotiation.
- */
- SSLerr(SSL_F_STATE_MACHINE,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
- ossl_statem_set_error(s);
- goto end;
+ if (server) {
+ if (st->state != MSG_FLOW_RENEGOTIATE) {
+ s->ctx->stats.sess_accept++;
+ } else if (!s->s3->send_connection_binding &&
+ !(s->options &
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ /*
+ * Server attempting to renegotiate with client that doesn't
+ * support secure renegotiation.
+ */
+ SSLerr(SSL_F_STATE_MACHINE,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ossl_statem_set_error(s);
+ goto end;
+ } else {
+ /*
+ * st->state == MSG_FLOW_RENEGOTIATE, we will just send a
+ * HelloRequest
+ */
+ s->ctx->stats.sess_accept_renegotiate++;
+
+ s->s3->tmp.cert_request = 0;
+ }