Retry callback only after ClientHello received.

author Piotr Sikora <piotr@cloudflare.com>

Tue, 18 Mar 2014 23:55:32 +0000 (23:55 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 18 Mar 2014 23:58:39 +0000 (23:58 +0000)
author Piotr Sikora <piotr@cloudflare.com>
Tue, 18 Mar 2014 23:55:32 +0000 (23:55 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 18 Mar 2014 23:58:39 +0000 (23:58 +0000)
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index bea6e2750bd3bebbdd7260e9f8dbc073e1fd2632..8d0e54315f680dfa913356744ccd902a8d20a4f0 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -950,7 +950,7 @@ int ssl3_get_client_hello(SSL *s)
  #endif
         STACK_OF(SSL_CIPHER) *ciphers=NULL;
  
-       if (s->state == SSL3_ST_SR_CLNT_HELLO_C)
+       if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet)
                 goto retry_cert;
  
         /* We do this so that we will respond with our native type.
author	Piotr Sikora <piotr@cloudflare.com>
	Tue, 18 Mar 2014 23:55:32 +0000 (23:55 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 18 Mar 2014 23:58:39 +0000 (23:58 +0000)