In 0RTT mode, reverify the server certificate before sending early data. Bug: chromium:347402 Change-Id: I1442b595ed7296b9d9fe88357565f68e1ab80ffd Reviewed-on: https://boringssl-review.googlesource.com/c/32644 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: f241a59dcca617c5b9d9880a8a9fd92996a654be [log] [tgz]
author: Jesse Selover <jselover@google.com> Fri Nov 16 13:42:13 2018 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Fri Nov 16 19:52:18 2018 +0000
tree: 07fc2081fed05a9b17d4344266df424cf52c578d
parent: e8ba1e3b210e2749678322fcec2624da64144b13 [diff] [blame]
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index fb56001..0d3e877 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc

@@ -465,7 +465,7 @@
   SSL *const ssl = hs->ssl;
   // CertificateRequest may only be sent in non-resumption handshakes.
   if (ssl->s3->session_reused) {
-    if (ssl->ctx->reverify_on_resume) {
+    if (ssl->ctx->reverify_on_resume && !ssl->s3->early_data_accepted) {
       hs->tls13_state = state_server_certificate_reverify;
       return ssl_hs_ok;
     }
commit	f241a59dcca617c5b9d9880a8a9fd92996a654be	[log] [tgz]
author	Jesse Selover <jselover@google.com>	Fri Nov 16 13:42:13 2018 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Fri Nov 16 19:52:18 2018 +0000
tree	07fc2081fed05a9b17d4344266df424cf52c578d
parent	e8ba1e3b210e2749678322fcec2624da64144b13 [diff] [blame]