git.ipfire.org Git - thirdparty/openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Wed, 19 Mar 2025 15:18:06 +0000 (15:18 +0000)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 20 Mar 2025 19:22:39 +0000 (20:22 +0100)
commit	95051052b319d346a8aa3d34d6105d683bb77294
tree	619f1e58ff79264bd9ead426df227a26c0f0378c	tree
parent	c1d27789e99543d366a8e0498cbab2d9543ef2cb	commit \| diff

Move the Handshake read secret change earlier in the process for QUIC 0-RTT

On the server side we were changing the handshake rx secret a little late.
This meant the application was forced to call SSL_do_handshake() again
even if there was nothing to read in order to get the secret. We move it
a little earlier int the process to avoid this.

Fixes the issue described in:
https://github.com/ngtcp2/ngtcp2/pull/1582#issuecomment-2735950083

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27101)

include/internal/statem.h		diff \| blob \| blame \| history
ssl/ssl_lib.c		diff \| blob \| blame \| history
ssl/statem/statem.c		diff \| blob \| blame \| history
ssl/statem/statem_clnt.c		diff \| blob \| blame \| history
ssl/statem/statem_srvr.c		diff \| blob \| blame \| history
test/sslapitest.c		diff \| blob \| blame \| history