handoff: set |enable_early_data| as part of handback.

This doesn't change the serialization: it just adds |enable_early_data| to the list of early data fields that get updated by SSL_apply_handback(). This is needed because, for example, add_new_session_tickets(), which runs after handback, performs certain actions iff |enable_early_data| is set. Plus it just seems cleaner. Change-Id: Ibcdb745ff9bcbeb2af2475f69f9f798937e7ee63 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39804 Reviewed-by: David Benjamin <[email protected]> Commit-Queue: Matt Braithwaite <[email protected]>
ClickHouse · Feb 4, 2020 · 9e23361 · 9e23361
1 parent 032fc66
commit 9e23361
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/ssl/handoff.cc b/ssl/handoff.cc
@@ -349,6 +349,10 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
   if (type == handback_tls13 || type == handback_tls13_early_data) {
     early_data_t early_data;
     // Check early data invariants.
+    if (ssl->enable_early_data ==
+        (s3->early_data_reason == ssl_early_data_disabled)) {
+      return false;
+    }
     if (hs->early_data_offered) {
       if (s3->early_data_accepted && !s3->skip_early_data) {
         early_data = early_data_accepted;
@@ -512,6 +516,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
 
     s3->early_data_reason =
         static_cast<ssl_early_data_reason_t>(early_data_reason);
+    ssl->enable_early_data = s3->early_data_reason != ssl_early_data_disabled;
     s3->skip_early_data = false;
     s3->early_data_accepted = false;
     hs->early_data_offered = false;