MINOR: ssl: Don't disable early data handling if we could not write.
authorOlivier Houchard <ohouchard@haproxy.com>
Wed, 22 Nov 2017 18:12:10 +0000 (19:12 +0100)
committerWilly Tarreau <w@1wt.eu>
Wed, 22 Nov 2017 18:27:14 +0000 (19:27 +0100)
If we can't write early data for some reason, don't give up on reading it:
there may still be early data to be read, and if we don't read it, OpenSSL's
internal state might be inconsistent and the handshake will fail.

src/ssl_sock.c

index b8793fce6679ef7638e1ec8ec664e86cc9a7386b..24bb3687714677954b2ceb4d30cddf5b77f55790 100644 (file)
@@ -5514,7 +5514,6 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
                        if (try + conn->tmp_early_data > max_early) {
                                try -= (try + conn->tmp_early_data) - max_early;
                                if (try <= 0) {
-                                       conn->flags &= ~CO_FL_EARLY_SSL_HS;
                                        conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
                                        break;
                                }
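Review bot: The `try <= 0` branch now leaves `CO_FL_EARLY_SSL_HS` set while adding `CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN`, and nothing at that spot says this is deliberate, so a later cleanup could easily reinstate the removed line. I would add a comment above the flag assignment, e.g. `/* keep CO_FL_EARLY_SSL_HS: early data may still have to be read, otherwise OpenSSL's internal state can become inconsistent */`. Because TLS 1.3 early data is replayable, it is also worth confirming that the flag is still cleared on some other path once the handshake completes; that path is not visible in this hunk. ssl_sock_from_buf starts and ends outside the hunk.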