From: Matt Caswell Date: Thu, 30 Mar 2017 15:06:29 +0000 (+0100) Subject: Fix s_client early data indicator X-Git-Tag: OpenSSL_1_1_1-pre1~1897 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=12557a3445acc2f53321a3806f0478b998edb9a8;p=openssl Fix s_client early data indicator s_client was always saying that early_data was rejected even when it was accepted. This was because it was using the wrong test to detect the end of the handshake. It was using SSL_in_init() which only tells you whether it is currently processing/sending/expecting handshake messages. It should use SSL_is_init_finished() which tells you that no handshake messages are being processed/sent/expected AND we have completed the handshake. In the early data case we are not processing/sending handshake messages and we are expecting early data (not a handshake message) - but the handshake has not yet completed. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3090) --- diff --git a/apps/s_client.c b/apps/s_client.c index 67e9a92572..fc18da282c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2403,7 +2403,7 @@ int s_client_main(int argc, char **argv) else timeoutp = NULL; - if (SSL_in_init(con) && !SSL_total_renegotiations(con) + if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0 && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) { in_init = 1; tty_on = 0;