unsigned int context, X509 *x,
size_t chainidx, int *al)
{
- const unsigned char *id;
- size_t idlen;
+ const unsigned char *id = NULL;
+ size_t idlen = 0;
SSL_SESSION *psksess = NULL;
SSL_SESSION *edsess = NULL;
const EVP_MD *handmd = NULL;
* extension, we set it to accepted.
*/
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+ s->ext.early_data_ok = 1;
return EXT_RETURN_SENT;
}
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
|| !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_PADDING, ERR_R_INTERNAL_ERROR);
- return 0;
+ return EXT_RETURN_FAIL;
}
memset(padbytes, 0, hlen);
}
err:
return ret;
#else
- return 1;
+ return EXT_RETURN_SENT;
#endif
}
}
s->s3->alpn_selected_len = len;
- /* We also put a copy in the session */
- OPENSSL_free(s->session->ext.alpn_selected);
- s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected,
- s->s3->alpn_selected_len);
- s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
-
- if (s->session->ext.alpn_selected == NULL) {
- *al = SSL_AD_INTERNAL_ERROR;
- return 0;
+ if (s->session->ext.alpn_selected == NULL
+ || s->session->ext.alpn_selected_len != len
+ || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len)
+ != 0) {
+ /* ALPN not consistent with the old session so cannot use early_data */
+ s->ext.early_data_ok = 0;
+ }
+ if (!s->hit) {
+ /* If a new session then update it with the selected ALPN */
+ s->session->ext.alpn_selected =
+ OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+ if (s->session->ext.alpn_selected == NULL) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
}
return 1;
return 0;
}
- if (s->ext.early_data != SSL_EARLY_DATA_REJECTED
+ if (!s->ext.early_data_ok
|| !s->hit
|| s->session->ext.tick_identity != 0) {
/*
* If we get here then we didn't send early data, or we didn't resume
- * using the first identity so the server should not be accepting it.
+ * using the first identity, or the SNI/ALPN is not consistent so the
+ * server should not be accepting it.
*/
*al = SSL_AD_ILLEGAL_PARAMETER;
return 0;