Tolerate early ChangeCipherSpec in DTLS. This would only come up if the peer didn't pack records together, but it's free to handle. Notably OpenSSL has a bug where it does not pack retransmits together. Change-Id: I0927d768f6b50c62bacdd82bd1c95396ed503cf3 Reviewed-on: https://boringssl-review.googlesource.com/18724 Reviewed-by: David Benjamin <davidben@google.com>

commit: b0c761eb76009170d3d1963f868afa581102b921 [log] [tgz]
author: David Benjamin <davidben@google.com> Sun Jun 25 22:42:55 2017 -0400
committer: David Benjamin <davidben@google.com> Tue Aug 01 22:00:52 2017 +0000
tree: c866bdd907a38458d6c8d206e8257a5b0c8d75e7
parent: 27e377ec65d57589499c1dbabc6b74f6464f5d6d [diff] [blame]
diff --git a/ssl/dtls_method.cc b/ssl/dtls_method.cc
index 15c4608..59c771b 100644
--- a/ssl/dtls_method.cc
+++ b/ssl/dtls_method.cc

@@ -78,7 +78,7 @@
 
 static int dtls1_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
   /* Cipher changes are illegal when there are buffered incoming messages. */
-  if (dtls_has_incoming_messages(ssl)) {
+  if (dtls_has_incoming_messages(ssl) || ssl->d1->has_change_cipher_spec) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
     return 0;
commit	b0c761eb76009170d3d1963f868afa581102b921	[log] [tgz]
author	David Benjamin <davidben@google.com>	Sun Jun 25 22:42:55 2017 -0400
committer	David Benjamin <davidben@google.com>	Tue Aug 01 22:00:52 2017 +0000
tree	c866bdd907a38458d6c8d206e8257a5b0c8d75e7
parent	27e377ec65d57589499c1dbabc6b74f6464f5d6d [diff] [blame]