From db06f99aaf5e25549858a1f679186ea97ba7537e Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 21 May 2020 18:34:34 +0000
Subject: Actually set the hrr flag when sending a HelloRetryRequest.

Without this, when SNI is in use the second ClientHello will result in an error. Found the hard way by sthen@.

ok sthen@ tb@
---
 src/lib/libssl/tls13_server.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 03d0e488ba..42409edbf7 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.49 2020/05/19 16:35:21 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.50 2020/05/21 18:34:34 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -321,6 +321,8 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb)
 {
 int nid;

+ ctx->hs->hrr = 1;
+
 if (!tls13_synthetic_handshake_message(ctx))
 return 0;

-- 
cgit v1.2.3-55-g6feb
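Review bot: The new `ctx->hs->hrr = 1;` at the top of tls13_server_hello_retry_request_send has no comment saying what depends on the flag, and the commit message shows that its absence only surfaced as a failure on the second ClientHello when SNI is in use. A one-line comment above the assignment would keep it from being dropped or moved again, for example `/* Record that a HelloRetryRequest was sent; handling of the second ClientHello depends on it. */`. The flag is also set before the `tls13_synthetic_handshake_message(ctx)` result is checked, so it stays set when the function returns 0; that is presumably harmless if a failed send aborts the handshake, but the caller is not visible here. The function body continues past the end of the hunk.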