Retry callback only after ClientHello received.

[openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 1e2f251693b94c1f1430b621eefddee9e6c50b2a..a787c6d32d8c004abe6ca68406e76c082aa9fb0b 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -949,7 +949,7 @@ int ssl3_get_client_hello(SSL *s)
 #endif
        STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
-       if (s->state == SSL3_ST_SR_CLNT_HELLO_C)
+       if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet)
                goto retry_cert;
 
        /* We do this so that we will respond with our native type.
@@ -3725,8 +3725,7 @@ int tls1_send_server_supplemental_data(SSL *s, int *skip)
                        if (!record->fn1)
                                continue;
                        cb_retval = record->fn1(s, record->supp_data_type,
-                                                                       &out, &outlen, &al,
-                       record->arg);
+                                               &out, &outlen, &al, record->arg);
                        if (cb_retval == -1)
                                continue; /* skip this supp data entry */
                        if (cb_retval == 0)
@@ -3807,17 +3806,17 @@ int tls1_get_client_supplemental_data(SSL *s)
        long n;
        const unsigned char *p, *d;
        unsigned short supp_data_entry_type = 0;
-       unsigned long supp_data_entry_len = 0;
+       unsigned short supp_data_entry_len = 0;
        unsigned long supp_data_len = 0;
        size_t i = 0;
 
        n=s->method->ssl_get_message(s,
-                                                                SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
-                                                                SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
-                                                                SSL3_MT_SUPPLEMENTAL_DATA,
-                                                                /* use default limit */
-                                                                TLSEXT_MAXLEN_supplemental_data,
-                                                                &ok);
+                                    SSL3_ST_SR_SUPPLEMENTAL_DATA_A,
+                                    SSL3_ST_SR_SUPPLEMENTAL_DATA_B,
+                                    SSL3_MT_SUPPLEMENTAL_DATA,
+                                    /* use default limit */
+                                    TLSEXT_MAXLEN_supplemental_data,
+                                    &ok);
 
        if (!ok) return((int)n);