Accept CCS after sending finished.

Allow CCS after finished has been sent by client: at this point keys have been correctly set up so it is OK to accept CCS from server. Without this renegotiation can sometimes fail. PR#3400 (cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
2014-06-14 22:24:08 +01:00 · 2014-06-14 22:24:08 +01:00 · 9beb75d3c4
commit 9beb75d3c4
parent 042ef467ee
1 changed files with 1 additions and 0 deletions
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@ -510,6 +510,7 @@ int ssl3_connect(SSL *s)
 				s->method->ssl3_enc->client_finished_label,
 				s->method->ssl3_enc->client_finished_label_len);
 			if (ret <= 0) goto end;
+			s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			s->state=SSL3_ST_CW_FLUSH;

 			/* clear flags */