Delay flush until after CCS with early_data

Normally we flush immediately after writing the ClientHello. However if we are going to write a CCS immediately because we've got early_data to come, then we should move the flush until after the CCS. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
author: Matt Caswell <matt@openssl.org> 2017-11-30 11:28:26 +0000
committer: Matt Caswell <matt@openssl.org> 2017-12-14 15:06:38 +0000
commit: 5cc807da2571c52cc7c1c87197a81963def7ee3a (patch)
tree: c1f93c160ba832949cc0732980ade7bf97e7dec7 /ssl/statem/extensions_clnt.c
parent: 7b0a3ce0f9f54cf7b527fe57d98748a7aaa571bd (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index f357396d81..2b3945970f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1664,9 +1664,9 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
          * TLSv1.3, therefore we shouldn't be getting an HRR for anything else.
          */
         if (version != TLS1_3_VERSION) {
-            *al = SSL_AD_PROTOCOL_VERSION;
-            SSLerr(SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
-                   SSL_R_BAD_HRR_VERSION);
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                     SSL_R_BAD_HRR_VERSION);
             return 0;
         }
         return 1;
author	Matt Caswell <matt@openssl.org>	2017-11-30 11:28:26 +0000
committer	Matt Caswell <matt@openssl.org>	2017-12-14 15:06:38 +0000
commit	5cc807da2571c52cc7c1c87197a81963def7ee3a (patch)
tree	c1f93c160ba832949cc0732980ade7bf97e7dec7 /ssl/statem/extensions_clnt.c
parent	7b0a3ce0f9f54cf7b527fe57d98748a7aaa571bd (diff)