Fix s_client early data indicator

s_client was always saying that early_data was rejected even when it was accepted. This was because it was using the wrong test to detect the end of the handshake. It was using SSL_in_init() which only tells you whether it is currently processing/sending/expecting handshake messages. It should use SSL_is_init_finished() which tells you that no handshake messages are being processed/sent/expected AND we have completed the handshake. In the early data case we are not processing/sending handshake messages and we are expecting early data (not a handshake message) - but the handshake has not yet completed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3090)
2017-03-30 16:06:29 +01:00 · 2017-03-30 16:06:29 +01:00 · 12557a3445
commit 12557a3445
parent 9b5c865df0
1 changed files with 1 additions and 1 deletions
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -2403,7 +2403,7 @@ int s_client_main(int argc, char **argv)
        else
            timeoutp = NULL;

-        if (SSL_in_init(con) && !SSL_total_renegotiations(con)
+        if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0
                && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) {
            in_init = 1;
            tty_on = 0;