From 81fc390fd96ad9fae21cda919513fb696cd24028 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Sat, 23 May 2015 21:05:19 +0100 Subject: [PATCH] Set first_packet for TLS clients Version negotiation was broken (one of the late changes in the review process broke it). The problem is that TLS clients do not set first_packet, whereas TLS/DTLS servers and DTLS clients do. The simple fix is to set first_packet for TLS clients too. Reviewed-by: Kurt Roeckx --- ssl/s3_clnt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ace0838106..f70dce4b0d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -947,8 +947,7 @@ int ssl3_get_server_hello(SSL *s) * Hello verify request and/or server hello version may not match so set * first packet if we're negotiating version. */ - if (SSL_IS_DTLS(s)) - s->first_packet = 1; + s->first_packet = 1; n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, @@ -957,8 +956,8 @@ int ssl3_get_server_hello(SSL *s) if (!ok) return ((int)n); + s->first_packet = 0; if (SSL_IS_DTLS(s)) { - s->first_packet = 0; if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { s->s3->tmp.reuse_message = 1; -- 2.25.1