_gnutls_send_change_cipher_spec: don't cache under TLS 1.3

Under TLS 1.3, when the server sent HRR, CCS may be followed by receiving ClientHello. In that case, the messsage shouldn't be cached. Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2018-06-13 17:43:32 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-06-15 11:51:11 +0000
commit: 6f83dca86bbe3f82339e2780eb90c40b03767869 (patch)
tree: f98175983899ede7e5dca00fb0253078fa7c8a05 /lib/handshake.c
parent: b4385d3c28ef16c3b9cbd6a3933e04826ca34aab (diff)
download: gnutls-6f83dca86bbe3f82339e2780eb90c40b03767869.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/handshake.c b/lib/handshake.c
index 278769e2f8..dd2e02908c 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -3043,6 +3043,14 @@ ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, int again)
 			return gnutls_assert_val(ret);
 		}
 
+		/* under TLS 1.3, CCS may be immediately followed by
+		 * receiving ClientHello thus cannot be cached */
+		if (vers && vers->tls13_sem) {
+			ret = _gnutls_handshake_io_write_flush(session);
+			if (ret < 0)
+				return gnutls_assert_val(ret);
+		}
+
 		_gnutls_handshake_log("REC[%p]: Sent ChangeCipherSpec\n",
 				      session);
 	}
author	Daiki Ueno <dueno@redhat.com>	2018-06-13 17:43:32 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-06-15 11:51:11 +0000
commit	6f83dca86bbe3f82339e2780eb90c40b03767869 (patch)
tree	f98175983899ede7e5dca00fb0253078fa7c8a05 /lib/handshake.c
parent	b4385d3c28ef16c3b9cbd6a3933e04826ca34aab (diff)
download	gnutls-6f83dca86bbe3f82339e2780eb90c40b03767869.tar.gz