From de21693550e907286f80eedf4165b09a8fe80e67 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sat, 25 Jan 2020 13:21:52 +0000
Subject: Preserve the transcript hash for the client finished message, and
 correct the message type for certificate request.

ok jsing@
---
 src/lib/libssl/tls13_handshake.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 1528bd5e2a..7d150930d9 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_handshake.c,v 1.46 2020/01/25 13:11:20 tb Exp $	*/
+/*	$OpenBSD: tls13_handshake.c,v 1.47 2020/01/25 13:21:52 beck Exp $	*/
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -86,6 +86,7 @@ struct tls13_handshake_action state_machine[] = {
 	[CLIENT_FINISHED] = {
 		.handshake_type = TLS13_MT_FINISHED,
 		.sender = TLS13_HS_CLIENT,
+		.recv_preserve_transcript_hash = 1,
 		.send = tls13_client_finished_send,
 		.sent = tls13_client_finished_sent,
 		.recv = tls13_client_finished_recv,
@@ -123,7 +124,7 @@ struct tls13_handshake_action state_machine[] = {
 		.recv = tls13_server_certificate_recv,
 	},
 	[SERVER_CERTIFICATE_REQUEST] = {
-		.handshake_type = TLS13_MT_CERTIFICATE,
+		.handshake_type = TLS13_MT_CERTIFICATE_REQUEST,
 		.sender = TLS13_HS_SERVER,
 		.send = tls13_server_certificate_request_send,
 		.recv = tls13_server_certificate_request_recv,
-- 
cgit v1.2.3-55-g6feb