From 990a10909df5c6069df924d5b2d1a6f1c3ffd4f8 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Tue, 11 Mar 2025 14:06:38 +0000
Subject: [PATCH] ssl-opt: Fragmented HS renegotiation, updated documentation.

Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 19e4b95610..b680c11eb5 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13721,7 +13721,7 @@ run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (u
 -s "bad client hello message" \
 -s "SSL - A message could not be parsed due to a syntactic error"
 
-# Test Server Buffer resizing with fragmented handshake on TLS1.2
+# Test server-side buffer resizing with fragmented handshake on TLS1.2
 requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
@@ -13739,7 +13739,7 @@ run_test "Handshake defragmentation on server with buffer resizing: len=256,
 -s "Prepare: waiting for more handshake fragments 256/[0-9]\\+" \
 -s "Consume: waiting for more handshake fragments 256/[0-9]\\+"
 
-# Test Client initiated renegotiation with fragmented handshake on TLS1.2
+# Test client-initiated renegotiation with fragmented handshake on TLS1.2
 requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
@@ -13776,7 +13776,13 @@ run_test "Handshake defragmentation with client-initiated renegotiation: len=
 -s "Prepare: waiting for more handshake fragments 512/[0-9]\\+" \
 -s "Consume: waiting for more handshake fragments 512/[0-9]\\+" \
 
-# Test Server initiated renegotiation with fragmented handshake on TLS1.2
+# Test server-initiated renegotiation with fragmented handshake on TLS1.2
+# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server
+# to initiate a handshake renegotiation.
+# Note: Adjusting the renegotiation delay beyond the library's default value
+# of 16 is necessary, as it sets the maximum record depth to match it.
+# Splitting messages during the renegotiation process requires a deeper
+# stack to accommodate the increased processing complexity.
 requires_openssl_3_x
 requires_protocol_version tls12
 requires_certificate_authentication
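Review bot: The second note added above the server-initiated renegotiation test is hard to act on, because "it sets the maximum record depth to match it" has two unclear referents and the note never names the option that carries the delay, which is set in a `run_test` call outside this hunk. "Deeper stack" also reads like call-stack depth, whereas the default of 16 that the note cites looks like a count of records tolerated before renegotiation is enforced (inferred, since the hunk does not show the setting). If that is the intent, a wording such as `# Note: the renegotiation delay is raised above the library default of 16 records,` / `# because a fragmented handshake spreads each message over several records and` / `# the limit would otherwise be reached before the renegotiation completes.` would say so directly. Because this limit is the control that bounds how long a peer may ignore a renegotiation request, the comment should also state that the larger value is a test-only setting and name the value used.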