tls: evolve handshake serialization into simultaneous_ssl_handshake_restriction

This patch adapts the recent change about serializing the number of
simultaneous tls handshakes allowed to 1, so you can set the number in the
context creation info, and the accounting for it is handled by counters
same as the overally tls restriction.

The name of the context info var to control it changes to simultaneous_ssl_handshake_restriction
which is now a count, the default 0 means no limit.

The count rejects tls connection attempts when the tls borrow is attempted,
and separately hands back the hs borrow from the tls borrow when the
connection attempt fails or succeeds.

2 files changed, 3 insertions, 2 deletions

diff --git a/lib/core-net/client/connect.c b/lib/core-net/client/connect.c
index 4b45bbe0..1844abef 100644
--- a/lib/core-net/client/connect.c
+++ b/lib/core-net/client/connect.c
@@ -530,8 +530,8 @@ bail3:
 
 bail:
 #if defined(LWS_WITH_TLS)
-	if (wsi->tls.ssl && wsi->tls_borrowed)
-		lws_tls_restrict_return(i->context);
+	if (wsi->tls.ssl)
+		lws_tls_restrict_return(wsi);
 #endif
 
 	lws_free_set_NULL(wsi->stash);
diff --git a/lib/core-net/private-lib-core-net.h b/lib/core-net/private-lib-core-net.h
index 1f566178..3f507311 100644
--- a/lib/core-net/private-lib-core-net.h
+++ b/lib/core-net/private-lib-core-net.h
@@ -809,6 +809,7 @@ struct lws {
 	unsigned int			client_proxy_onward:1;
 #endif
 	unsigned int                    tls_borrowed:1;
+	unsigned int                    tls_borrowed_hs:1;
 	unsigned int                    tls_read_wanted_write:1;
 
 #ifdef LWS_WITH_ACCESS_LOG