Don't set SSL_MODE_NO_AUTO_CHAIN during renegotiation.
If during the renegotiation's ClientHello a client passes:
if (tor_tls_client_is_using_v2_ciphers(ssl, ADDR(tls))) {
in tor_tls_server_info_callback() (or tor_tls_got_client_hello() in master), we don't send a full certificate chain to the client.
The above if statement should only be examined during the initial SSL handshake.
There was already a /*XXXX_TLS keep this from happening more than once! */ comment that never got implemented.