From: Matt Caswell Date: Wed, 18 Jul 2018 10:16:28 +0000 (+0100) Subject: Don't skip over early_data if we sent an HRR X-Git-Tag: OpenSSL_1_1_1-pre9~123 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1c1e4160e069818a0f9ebf080f57ac5282ae1bff;p=oweals%2Fopenssl.git Don't skip over early_data if we sent an HRR It is not valid to send early_data after an HRR has been received. Fixes #6734 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6737) --- diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index e836769666..cf6472c757 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -179,7 +179,9 @@ int ossl_statem_skip_early_data(SSL *s) if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) return 0; - if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA) + if (!s->server + || s->statem.hand_state != TLS_ST_EARLY_DATA + || s->hello_retry_request == SSL_HRR_COMPLETE) return 0; return 1;