+#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION
+ static void SSLInfoCallback(const SSL* ssl, int where, int rc)
+ {
+ int fd = SSL_get_fd(const_cast<SSL*>(ssl));
+ issl_session& session = opensslmod->sessions[fd];
+
+ if ((where & SSL_CB_HANDSHAKE_START) && (session.status == ISSL_OPEN))
+ {
+ // The other side is trying to renegotiate, kill the connection and change status
+ // to ISSL_NONE so CheckRenego() closes the session
+ session.status = ISSL_NONE;
+ ServerInstance->SE->Shutdown(fd, 2);
+ }
+ }
+
+ bool CheckRenego(StreamSocket* sock, issl_session* session)
+ {
+ if (session->status != ISSL_NONE)
+ return true;
+
+ ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Session %p killed, attempted to renegotiate", (void*)session->sess);
+ CloseSession(session);
+ sock->SetError("Renegotiation is not allowed");
+ return false;
+ }
+#endif
+
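Review bot: In SSLInfoCallback the result of `SSL_get_fd()` is used directly as an index into `opensslmod->sessions`, but that call returns -1 when the SSL object has no descriptor attached, so the lookup should be guarded with `if (fd < 0) return;` before `sessions[fd]` is touched. The declaration of `sessions` is outside this hunk; if it is a plain array sized by the descriptor limit, a negative index reads (and may write) `status` out of bounds. Separately, the test treats every `SSL_CB_HANDSHAKE_START` on an `ISSL_OPEN` session as a peer-initiated renegotiation, and OpenSSL builds that negotiate TLS 1.3 also raise that event for post-handshake messages, which would drop legitimate sessions; a comment such as `// Assumes TLS <= 1.2: any handshake start after ISSL_OPEN is a renegotiation` would record the assumption. The hunk header is not visible here, so how the callback is registered and where CheckRenego() is called could not be checked.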