Implement support for resumption with a HelloRetryRequest
[openssl.git] / ssl / statem / statem_srvr.c
index 8aba6697f35343744952f4caca82d80c06c0e5a3..66743c37ad1224ed774e222bd1522abca245627c 100644 (file)
@@ -1842,13 +1842,6 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
             s->s3->tmp.new_cipher = s->session->cipher;
         }
 
-        if (!(s->verify_mode & SSL_VERIFY_PEER)) {
-            if (!ssl3_digest_cached_records(s, 0)) {
-                al = SSL_AD_INTERNAL_ERROR;
-                goto f_err;
-            }
-        }
-
         /*-
          * we now have the following setup.
          * client_random
@@ -1975,6 +1968,12 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
         goto err;
     }
 
+    if (!(s->verify_mode & SSL_VERIFY_PEER)
+            && !ssl3_digest_cached_records(s, 0)) {
+        al = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+
     return 1;
  err:
     ssl3_send_alert(s, SSL3_AL_FATAL, al);