From: Matt Caswell <matt@openssl.org>
Date: Mon, 13 Nov 2017 16:12:35 +0000 (+0000)
Subject: Ensure CCS sent before early_data has the correct record version
X-Git-Tag: OpenSSL_1_1_1-pre1~282
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7b0a3ce0f9f54cf7b527fe57d98748a7aaa571bd;p=oweals%2Fopenssl.git

Ensure CCS sent before early_data has the correct record version

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
---

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 6b899691f9..0e45b92fb0 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -323,7 +323,9 @@
                           && (s)->method->version != TLS_ANY_VERSION)
 
 # define SSL_TREAT_AS_TLS13(s) \
-    (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
+    (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
+     || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
      || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
 
 # define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \