BUG/MEDIUM: ssl: Don't report read data as early data with AWS-LC

To read early data with AWS-LC (and BoringSSL), we have to use
SSL_read(). But SSL_read() will also try to do the handshake if it
hasn't been done yet, and at some point will do the handshake and will
return data that are actually not early data. So use SSL_in_early_data()
to make sure that the data we received are actually early data, and only
if so add the CO_FL_EARLY_DATA flag. Otherwise any data first received will be
considered early, and a Early-data header will be added.
As this bug was introduced by 76ba026548975a6d1bc23d1344807c64d994bf1e,
it should be backported with it.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 839aed94ca2166a9574f9cd23a880889b4f0bc3a..dcd3a231b112265196e55ea37f2c4873a1aeea22 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6059,7 +6059,8 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
                        ret = SSL_read(ctx->ssl, b_tail(&ctx->early_buf),
                                       b_room(&ctx->early_buf));
                        if (ret > 0) {
-                               conn->flags |= CO_FL_EARLY_DATA;
+                               if (SSL_in_early_data(ctx->ssl))
+                                       conn->flags |= CO_FL_EARLY_DATA;
                                b_add(&ctx->early_buf, ret);
                        } else {
                                int err = SSL_get_error(ctx->ssl, ret);