tor_tls_state_changed_callback(): detection of ClientHello is too late
It's git master 58d1aa4 with the #4312 (moved) fixes.
  if (type == SSL_CB_ACCEPT_LOOP &&
      ssl->state == SSL3_ST_SW_SRVR_HELLO_A) {
    /* Call tor_tls_got_client_hello() for every SSL ClientHello we
     * receive. */
As OpenSSL's code says, such a condition does not occur right after the ClientHello is received. It occurs when the ServerHello is already being sent. That is too late for accurately counting ClientHellos when limiting renegotiations.
The server shouldn't say hello if it doesn't want a new ClientHello.
The correct states for such a case are SSL3_ST_SR_CLNT_HELLO_A || SSL3_ST_SR_CLNT_HELLO_B || SSL3_ST_SR_CLNT_HELLO_C (the reason for three states is non-blocking I/O).
Trac username: troll_un
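Added example, not code from Tor or OpenSSL: it replays a constructed trace of OpenSSL 1.0-era handshake states through the two checks discussed in the ticket and reports at which point each one detects a ClientHello. The fake_ssl_t struct, detect_index() and sample_trace are assumed stand-ins for the real library; the constant values are copied from that era's ssl.h/ssl3.h.

```c
#include <stddef.h>

/* State and callback-type values as in OpenSSL 1.0-era ssl.h/ssl3.h
 * (these legacy handshake states were removed in OpenSSL 1.1.0). */
#define SSL_ST_ACCEPT            0x2000
#define SSL_CB_LOOP              0x01
#define SSL_CB_ACCEPT_LOOP       (SSL_ST_ACCEPT|SSL_CB_LOOP)
#define SSL3_ST_SR_CLNT_HELLO_A  (0x110|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_B  (0x111|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CLNT_HELLO_C  (0x112|SSL_ST_ACCEPT)
#define SSL3_ST_SW_SRVR_HELLO_A  (0x130|SSL_ST_ACCEPT)
#define SSL3_ST_SW_SRVR_HELLO_B  (0x131|SSL_ST_ACCEPT)

/* Assumed stand-in for the SSL object: only the field the info callback inspects. */
typedef struct { int state; } fake_ssl_t;
typedef int (*hello_check_fn)(const fake_ssl_t *ssl, int type);

/* The check quoted in the ticket: true only once the server is already sending ServerHello. */
int late_check(const fake_ssl_t *ssl, int type) {
  return type == SSL_CB_ACCEPT_LOOP && ssl->state == SSL3_ST_SW_SRVR_HELLO_A;
}

/* The check the ticket proposes: true while the ClientHello is still being read.
 * Under non-blocking I/O the read can be retried, so _A, _B and _C may each be seen. */
int early_check(const fake_ssl_t *ssl, int type) {
  return type == SSL_CB_ACCEPT_LOOP && (ssl->state == SSL3_ST_SR_CLNT_HELLO_A ||
                                        ssl->state == SSL3_ST_SR_CLNT_HELLO_B ||
                                        ssl->state == SSL3_ST_SR_CLNT_HELLO_C);
}

/* Replay a trace of handshake states through a check and return the trace index at
 * which the nth ClientHello is detected, or -1.  A run of consecutive matching states
 * is one hello (a retried read), so the count does not inflate under non-blocking I/O. */
int detect_index(const int *trace, size_t n, hello_check_fn check, int nth) {
  fake_ssl_t ssl = { 0 };
  int seen = 0, prev_match = 0;
  for (size_t i = 0; i < n; i++) {
    ssl.state = trace[i];
    int match = check(&ssl, SSL_CB_ACCEPT_LOOP);
    if (match && !prev_match && ++seen == nth) return (int)i;
    prev_match = match;
  }
  return -1;
}

/* Constructed trace: initial handshake, then one renegotiation whose ClientHello
 * read is retried once in state _B (WANT_READ on the non-blocking socket). */
const int sample_trace[] = {
  SSL3_ST_SR_CLNT_HELLO_A, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_C,
  SSL3_ST_SW_SRVR_HELLO_A, SSL3_ST_SW_SRVR_HELLO_B,
  SSL3_ST_SR_CLNT_HELLO_A, SSL3_ST_SR_CLNT_HELLO_B, SSL3_ST_SR_CLNT_HELLO_B,
  SSL3_ST_SR_CLNT_HELLO_C, SSL3_ST_SW_SRVR_HELLO_A, SSL3_ST_SW_SRVR_HELLO_B,
};
const size_t sample_trace_len = sizeof(sample_trace) / sizeof(sample_trace[0]);
```

With the late check the second ClientHello is only noticed at the trace position where the server is already in SSL3_ST_SW_SRVR_HELLO_A; with the proposed check it is noticed four positions earlier, while the hello is still being read.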