From cf1bfa65919c137008982a646249ed60b5283725 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 24 Sep 2015 22:45:57 -0400
Subject: Add the SECURE_RENEG environment variable

---
 nss_engine_kernel.c | 1 +
 nss_engine_vars.c   | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index 9ce1411..93e7c74 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -795,6 +795,7 @@ static const char *nss_hook_Fixup_vars[] = {
     "SSL_VERSION_INTERFACE",
     "SSL_VERSION_LIBRARY",
     "SSL_PROTOCOL",
+    "SSL_SECURE_RENEG",
     "SSL_CIPHER",
     "SSL_CIPHER_NAME",
     "SSL_CIPHER_EXPORT",
diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index 7a0d08b..5c83408 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -352,6 +352,13 @@ static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
             PORT_Free(hostInfo);
         }
     }
+    else if (ssl != NULL && strcEQ(var, "SECURE_RENEG")) {
+        PRInt32 flag = 0;
+#ifdef SSL_ENABLE_RENEGOTIATION
+        SSL_OptionGet(ssl, SSL_ENABLE_RENEGOTIATION, &flag);
+#endif
+        result = apr_pstrdup(p, flag ? "true" : "false");
+    }
 
     return result;
 }
-- 
cgit