[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu Mar 30 15:19:57 UTC 2017

The branch master has been updated
       via  12557a3445acc2f53321a3806f0478b998edb9a8 (commit)
      from  9b5c865df0626d85065eacff714f20e2c721ca56 (commit)

- Log -----------------------------------------------------------------
commit 12557a3445acc2f53321a3806f0478b998edb9a8
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 30 16:06:29 2017 +0100

    Fix s_client early data indicator
    s_client was always saying that early_data was rejected even when it was
    accepted. This was because it was using the wrong test to detect the end
    of the handshake. It was using SSL_in_init() which only tells you whether
    it is currently processing/sending/expecting handshake messages. It should
    use SSL_is_init_finished() which tells you that no handshake messages are
    being processed/sent/expected AND we have completed the handshake. In the
    early data case we are not processing/sending handshake messages and we
    are expecting early data (not a handshake message) - but the handshake has
    not yet completed.
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3090)


Summary of changes:
 apps/s_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 67e9a92..fc18da2 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2403,7 +2403,7 @@ int s_client_main(int argc, char **argv)
             timeoutp = NULL;
-        if (SSL_in_init(con) && !SSL_total_renegotiations(con)
+        if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0
                 && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) {
             in_init = 1;
             tty_on = 0;

More information about the openssl-commits mailing list