Our server-side renegotiation-detection logic has grown baroque and ugly
Currently, bufferevent- and non-bufferevent code takes alternate approaches to detecting when a client has done a TLS renegotiation.
The non-bufferevent code detects renegotiation when it gets a positive result from SSL_read() tor_tls_read() , and invokes a renegotiation callback there. The bufferevent code checks for callback in connection_or_process_inbuf when it's waiting for a renegotiation, and calls the callback when it gets one.
Really, it would be nice to unify these approaches better.
See legacy/trac#2205 (moved) for some approaches here. A cleaned-up version of my bug2205_idea branch plus cypherpunks' idea_raw patch would let us have both versions of the code use the current bufferevent approach safely.