From f25e4263fe9273d8bdd6a798f8f0b8cb3faeacf9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 14 Jun 2014 22:24:08 +0100 Subject: [PATCH] Accept CCS after sending finished. Allow CCS after finished has been sent by client: at this point keys have been correctly set up so it is OK to accept CCS from server. Without this renegotiation can sometimes fail. PR#3400 (cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41) --- ssl/s3_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2b1d2b8c57..4e5a95353b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -467,6 +467,7 @@ int ssl3_connect(SSL *s) s->method->ssl3_enc->client_finished_label, s->method->ssl3_enc->client_finished_label_len); if (ret <= 0) goto end; + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->state=SSL3_ST_CW_FLUSH; /* clear flags */ -- 2.25.1