author | Daiki Ueno <dueno@redhat.com> | 2018-06-13 17:43:32 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-06-15 11:51:11 +0000 |
commit | 6f83dca86bbe3f82339e2780eb90c40b03767869 (patch) | |
tree | f98175983899ede7e5dca00fb0253078fa7c8a05 /lib/handshake.c | |
parent | b4385d3c28ef16c3b9cbd6a3933e04826ca34aab (diff) | |
download | gnutls-6f83dca86bbe3f82339e2780eb90c40b03767869.tar.gz |
_gnutls_send_change_cipher_spec: don't cache under TLS 1.3
Under TLS 1.3, when the server sent HRR, CCS may be followed by
receiving ClientHello. In that case, the message shouldn't be
cached.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/handshake.c')
-rw-r--r-- | lib/handshake.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/handshake.c b/lib/handshake.c index 278769e2f8..dd2e02908c 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -3043,6 +3043,14 @@ ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, int again) return gnutls_assert_val(ret); } + /* under TLS 1.3, CCS may be immediately followed by + * receiving ClientHello thus cannot be cached */ + if (vers && vers->tls13_sem) { + ret = _gnutls_handshake_io_write_flush(session); + if (ret < 0) + return gnutls_assert_val(ret); + } + _gnutls_handshake_log("REC[%p]: Sent ChangeCipherSpec\n", session); } |
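Review bot: The new `if (vers && vers->tls13_sem)` check flushes after every ChangeCipherSpec sent under TLS 1.3, while the code comment and the commit message justify it only for a server that has sent HRR and is about to receive a second ClientHello. Either narrow the condition to that case, or reword the comment to say the flush is deliberately unconditional under TLS 1.3, so that a later reader does not remove it as redundant. One more thing to confirm: when `_gnutls_handshake_io_write_flush` returns a negative value, the function returns before the "Sent ChangeCipherSpec" log line, and the visible lines do not show whether a later call with `again` set reaches this flush again on a non-blocking transport.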