Fix early data bug with pause between EoED and CF

If the server received EoED then SSL_read_early_data() will return SSL_READ_EARLY_DATA_FINISH. However if the CF has not yet been processed then SSL_is_init_finished() will still return 0. Therefore we should still be able to write early data. Fixes #3041 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3089)
2025-01-18 13:44:20 +08:00 · 2017-03-30 15:24:07 +01:00 · 2017-03-30 15:24:07 +01:00 · 116d0da5e8
commit 116d0da5e8
parent 1c7ae3dd9e
1 changed files with 1 additions and 0 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1829,6 +1829,7 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
        s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
        return ret;

+    case SSL_EARLY_DATA_FINISHED_READING:
    case SSL_EARLY_DATA_READ_RETRY:
        /* We are a server writing to an unauthenticated client */
        s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;