Make the bufferevent code use the renegotiation-reenabling hack

src/common/tortls.c

@@ -195,7 +195,6 @@ static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
                                         const char *cname,
                                         const char *cname_sign,
                                         unsigned int lifetime);
-static void tor_tls_unblock_renegotiation(tor_tls_t *tls);
 
 /** Global tls context. We keep it here because nobody else needs to
  * touch it. */
@@ -1032,7 +1031,7 @@ tor_tls_set_renegotiate_callback(tor_tls_t *tls,
 /** If this version of openssl requires it, turn on renegotiation on
  * <b>tls</b>.
  */
-static void
+void
 tor_tls_unblock_renegotiation(tor_tls_t *tls)
 {
   /* Yes, we know what we are doing here.  No, we do not treat a renegotiation

src/common/tortls.h

@@ -66,6 +66,7 @@ int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
 int tor_tls_handshake(tor_tls_t *tls);
 int tor_tls_finish_handshake(tor_tls_t *tls);
 int tor_tls_renegotiate(tor_tls_t *tls);
+void tor_tls_unblock_renegotiation(tor_tls_t *tls);
 void tor_tls_block_renegotiation(tor_tls_t *tls);
 int tor_tls_shutdown(tor_tls_t *tls);
 int tor_tls_get_pending_bytes(tor_tls_t *tls);

src/or/connection_or.c

@@ -1019,10 +1019,12 @@ connection_or_handle_event_cb(struct bufferevent *bufev, short event,
       if (!tor_tls_is_server(conn->tls)) {
         if (conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
           conn->_base.state = OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING;
+          tor_tls_unblock_renegotiation(conn->tls);
           if (bufferevent_ssl_renegotiate(conn->_base.bufev)<0) {
             log_warn(LD_OR, "Start_renegotiating went badly.");
             connection_mark_for_close(TO_CONN(conn));
           }
+          tor_tls_unblock_renegotiation(conn->tls);
           return; /* ???? */
         }
       } else {