1
From 70d923fb0359ed68e59b8c59d1687ebff6f8d952 Mon Sep 17 00:00:00 2001
2
From: "Dr. Stephen Henson" <steve@openssl.org>
3
Date: Sat, 14 Jun 2014 22:24:08 +0100
4
Subject: [PATCH] Accept CCS after sending finished.
6
Allow CCS after finished has been sent by client: at this point
7
keys have been correctly set up so it is OK to accept CCS from
8
server. Without this renegotiation can sometimes fail.
11
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
14
1 file changed, 1 insertion(+)
16
Index: openssl-0.9.8k/ssl/s3_clnt.c
17
===================================================================
18
--- openssl-0.9.8k.orig/ssl/s3_clnt.c 2014-06-20 13:58:38.875773758 -0400
19
+++ openssl-0.9.8k/ssl/s3_clnt.c 2014-06-20 13:58:38.859773758 -0400
21
s->method->ssl3_enc->client_finished_label,
22
s->method->ssl3_enc->client_finished_label_len);
23
if (ret <= 0) goto end;
24
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
25
s->state=SSL3_ST_CW_FLUSH;