diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-18 13:16:28 +0300 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-19 14:46:43 +0300 |
commit | 1c1e4160e069818a0f9ebf080f57ac5282ae1bff (patch) | |
tree | 4fa511e7c8416b659f7b3f33d7c703b32f5ae845 /ssl | |
parent | 1c073b9521ce7dbdd5689bdf7ae5fa87557c3529 (diff) |
Don't skip over early_data if we sent an HRR
It is not valid to send early_data after an HRR has been received.
Fixes #6734
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6737)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index e836769666..cf6472c757 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -179,7 +179,9 @@ int ossl_statem_skip_early_data(SSL *s) if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) return 0; - if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA) + if (!s->server + || s->statem.hand_state != TLS_ST_EARLY_DATA + || s->hello_retry_request == SSL_HRR_COMPLETE) return 0; return 1; |