Commit 1c1e4160 authored by Matt Caswell's avatar Matt Caswell
Browse files

Don't skip over early_data if we sent an HRR 



It is not valid to send early_data after an HRR has been received.

Fixes #6734

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6737)
parent 1c073b95

ssl/statem/statem.c

+3 −1
Original line number Diff line number Diff line
@@ -179,7 +179,9 @@ int ossl_statem_skip_early_data(SSL *s) 
    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)

        return 0;



    if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)

    if (!s->server

            || s->statem.hand_state != TLS_ST_EARLY_DATA

            || s->hello_retry_request == SSL_HRR_COMPLETE)

        return 0;



    return 1;