Verify that if we have an HRR then something will change

# define SSL_R_NO_CERTIFICATES_RETURNED                   176

# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177

# define SSL_R_NO_CERTIFICATE_SET                         179

# define SSL_R_NO_CHANGE_FOLLOWING_HRR                    205

# define SSL_R_NO_CIPHERS_AVAILABLE                       181

# define SSL_R_NO_CIPHERS_SPECIFIED                       183

# define SSL_R_NO_CIPHER_MATCH                            185

    {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},

    {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},

    {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},

    {ERR_REASON(SSL_R_NO_CHANGE_FOLLOWING_HRR), "no change following hrr"},

    {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"},

    {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"},

    {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"},

        goto f_err;

    }

    if (!PACKET_as_length_prefixed_2(pkt, &extpkt)) {

    if (!PACKET_as_length_prefixed_2(pkt, &extpkt)

               /* Must have a non-empty extensions block */

            || PACKET_remaining(&extpkt) == 0

               /* Must be no trailing data after extensions */

            || PACKET_remaining(pkt) != 0) {

        al = SSL_AD_DECODE_ERROR;

        SSLerr(SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, SSL_R_BAD_LENGTH);

        goto f_err;

        goto f_err;

    OPENSSL_free(extensions);

    extensions = NULL;

    if (s->ext.tls13_cookie_len == 0 && s->s3->tmp.pkey != NULL) {

        /*

         * We didn't receive a cookie or a new key_share so the next

         * ClientHello will not change

         */

        al = SSL_AD_ILLEGAL_PARAMETER;

        SSLerr(SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST,

               SSL_R_NO_CHANGE_FOLLOWING_HRR);

        goto f_err;

    }

    /*

     * Re-initialise the Transcript Hash. We're going to prepopulate it with