Accept CCS after sending finished.

Allow CCS after finished has been sent by client: at this point keys have been correctly set up so it is OK to accept CCS from server. Without this renegotiation can sometimes fail. PR#3400 (cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
author: Dr. Stephen Henson <steve@openssl.org> 2014-06-14 22:24:08 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-06-14 22:26:56 +0100
commit: 70d923fb0359ed68e59b8c59d1687ebff6f8d952 (patch)
tree: 4b7a6b668d1b1a341770609df5da4d051dd19a1f /ssl/s3_clnt.c
parent: def1490717c091c6ef669da9fc5ea4c8b2a4d776 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 06fb2754f0..4b41a2be9d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -442,6 +442,7 @@ int ssl3_connect(SSL *s)
 				s->method->ssl3_enc->client_finished_label,
 				s->method->ssl3_enc->client_finished_label_len);
 			if (ret <= 0) goto end;
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			s->state=SSL3_ST_CW_FLUSH;
 
 			/* clear flags */
author	Dr. Stephen Henson <steve@openssl.org>	2014-06-14 22:24:08 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-06-14 22:26:56 +0100
commit	70d923fb0359ed68e59b8c59d1687ebff6f8d952 (patch)
tree	4b7a6b668d1b1a341770609df5da4d051dd19a1f /ssl/s3_clnt.c
parent	def1490717c091c6ef669da9fc5ea4c8b2a4d776 (diff)