First cut of renegotiation extension.

ssl/s3_srvr.c

@@ -718,15 +718,6 @@ int ssl3_get_client_hello(SSL *s)
 #endif
 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
-#ifndef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION
-	if (s->new_session)
-		{
-		al=SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);
-		goto f_err;
-		}
-#endif  /* ndef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION */
-
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
 	 * This down switching should be handled by a different method.