BUG/MEDIUM: 0rtt: Only consider the SSL handshake.
We only add the Early-data header, or get ssl_fc_has_early to return 1, if
we didn't already did the SSL handshake, as otherwise, we know the early
data were fine, and there's no risk of replay attack. But to do so, we
wrongly checked CO_FL_HANDSHAKE, we have to check CO_FL_SSL_WAIT_HS instead,
as we don't care about the status of any other handshake.
This should be backported to 2.1, 2.0, and 1.9.
When deciding if we should add the Early-Data header, or if the sample fetch
should return
(cherry picked from commit 220a26c31647b8cfd76f3922d08cb2e847e3009e)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 00ae17b75d20b30ab445970afb6a15f5d11cf257)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 1fa1092..b28c9cd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6667,7 +6667,7 @@
}
#else
smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
- (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
+ (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS))) ? 1 : 0;
#endif
return 1;
}