diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-30 16:06:29 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-30 16:16:38 +0100 |
commit | 12557a3445acc2f53321a3806f0478b998edb9a8 (patch) | |
tree | 341d06cc5aa7e95968dc23c1cbbc20f4022a387e /apps | |
parent | 9b5c865df0626d85065eacff714f20e2c721ca56 (diff) |
Fix s_client early data indicator
s_client was always saying that early_data was rejected even when it was
accepted. This was because it was using the wrong test to detect the end
of the handshake. It was using SSL_in_init() which only tells you whether
it is currently processing/sending/expecting handshake messages. It should
use SSL_is_init_finished() which tells you that no handshake messages are
being processed/sent/expected AND we have completed the handshake. In the
early data case we are not processing/sending handshake messages and we
are expecting early data (not a handshake message) - but the handshake has
not yet completed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3090)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_client.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 67e9a92572..fc18da282c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2403,7 +2403,7 @@ int s_client_main(int argc, char **argv) else timeoutp = NULL; - if (SSL_in_init(con) && !SSL_total_renegotiations(con) + if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0 && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) { in_init = 1; tty_on = 0; |