From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Rose <nornagon@nornagon.net>
Date: Tue, 18 Aug 2020 09:51:46 -0700
Subject: fix: enable TLS renegotiation

This configures BoringSSL to behave more similarly to OpenSSL.
See https://github.com/electron/electron/issues/18380.

This should be upstreamed.

diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index bb09ee99e070172a3764119cf85f3eef4d79df87..95bbc4c6a62ccf19a9d94a6afa4f2ce277c9bd4c 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -128,6 +128,12 @@ void TLSWrap::InitSSL() {
   // - https://wiki.openssl.org/index.php/TLS1.3#Non-application_data_records
   SSL_set_mode(ssl_.get(), SSL_MODE_AUTO_RETRY);
 
+#ifdef OPENSSL_IS_BORINGSSL
+  // OpenSSL allows renegotiation by default, but BoringSSL disables it.
+  // Configure BoringSSL to match OpenSSL's behavior.
+  SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely);
+#endif
+
   SSL_set_app_data(ssl_.get(), this);
   // Using InfoCallback isn't how we are supposed to check handshake progress:
   //   https://github.com/openssl/openssl/issues/7199#issuecomment-420915993