From 5cc807da2571c52cc7c1c87197a81963def7ee3a Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 30 Nov 2017 11:28:26 +0000
Subject: Delay flush until after CCS with early_data

Normally we flush immediately after writing the ClientHello. However if
we are going to write a CCS immediately because we've got early_data to
come, then we should move the flush until after the CCS.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4701)
---
 ssl/statem/extensions_clnt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'ssl/statem/extensions_clnt.c')

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index f357396d81..2b3945970f 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1664,9 +1664,9 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
          * TLSv1.3, therefore we shouldn't be getting an HRR for anything else.
          */
         if (version != TLS1_3_VERSION) {
-            *al = SSL_AD_PROTOCOL_VERSION;
-            SSLerr(SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
-                   SSL_R_BAD_HRR_VERSION);
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                     SSL_R_BAD_HRR_VERSION);
             return 0;
         }
         return 1;
-- 
cgit v1.2.3