From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 14 Jun 2014 21:24:08 +0000 (+0100)
Subject: Accept CCS after sending finished.
X-Git-Tag: master-post-reformat~699
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3b77f01702cbbb75c7718f876a2053d5a882fe89;p=oweals%2Fopenssl.git

Accept CCS after sending finished.

Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400
---

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index cd43873e56..d009400891 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -550,6 +550,7 @@ int ssl3_connect(SSL *s)
 				s->method->ssl3_enc->client_finished_label,
 				s->method->ssl3_enc->client_finished_label_len);
 			if (ret <= 0) goto end;
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			s->state=SSL3_ST_CW_FLUSH;
 
 			/* clear flags */