From: Olivier Houchard Date: Wed, 22 Nov 2017 18:12:10 +0000 (+0100) Subject: MINOR: ssl: Don't disable early data handling if we could not write. X-Git-Tag: v1.8.0~61 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=424ecfb33ca412d8b8bc8edd531975a5440bc9ce;p=thirdparty%2Fhaproxy.git MINOR: ssl: Don't disable early data handling if we could not write. If we can't write early data, for some reason, don't give up on reading them, they may still be early data to be read, and if we don't do so, openssl internal states might be inconsistent, and the handshake will fail. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index b8793fce66..24bb368771 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5514,7 +5514,6 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl if (try + conn->tmp_early_data > max_early) { try -= (try + conn->tmp_early_data) - max_early; if (try <= 0) { - conn->flags &= ~CO_FL_EARLY_SSL_HS; conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; break; }
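Review bot: the `if (try <= 0)` branch in ssl_sock_from_buf() now leaves CO_FL_EARLY_SSL_HS set with no comment saying that this is deliberate, so a later cleanup could easily put the removed line back. A short comment above `conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;` would help. It should say that the flag is kept so early data can still be read and OpenSSL's internal state stays consistent, as the commit message explains. The commit message says "for some reason", but the visible condition is specific: the branch is taken when `try + conn->tmp_early_data > max_early` leaves nothing to send, that is, when the early-data budget is used up. Stating that in the message or the comment would make the case easier to reproduce. Since this path no longer clears the flag itself, it is also worth confirming that the code outside this hunk clears CO_FL_EARLY_SSL_HS once the handshake completes, so that a connection cannot stay marked as being in the early-data phase after breaking out here.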