From 1c1e4160e069818a0f9ebf080f57ac5282ae1bff Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Wed, 18 Jul 2018 11:16:28 +0100
Subject: [PATCH] Don't skip over early_data if we sent an HRR

It is not valid to send early_data after an HRR has been received.

Fixes #6734

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6737)
---
 ssl/statem/statem.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index e836769666..cf6472c757 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -179,7 +179,9 @@ int ossl_statem_skip_early_data(SSL *s)
 if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
 return 0;
- if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)
+ if (!s->server
+ || s->statem.hand_state != TLS_ST_EARLY_DATA
+ || s->hello_retry_request == SSL_HRR_COMPLETE)
 return 0;
 return 1;
-- 
2.25.1
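Review bot: The new third condition, `s->hello_retry_request == SSL_HRR_COMPLETE`, has no comment explaining why the HRR state ends record skipping, and the subject line ("if we sent an HRR") reads as broader than what the code tests. As written, skipping presumably stays enabled while the retry is still pending, which is when first-flight early data can arrive, and stops only once the retry has completed. That distinction deserves a line above the `if`, for example `/* A client must not send early_data after an HRR (RFC 8446, 4.2.10): once the retry is complete, records must no longer be silently skipped. */`. The diffstat shows only ssl/statem/statem.c changing, so a regression test that sends early data after a completed HRR and expects the handshake to fail would be worth adding alongside. The body of ossl_statem_skip_early_data begins and ends outside this hunk.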