Remove other unnecessary tlsext_ prefixes.
Change-Id: Ib31a12527006ff57beb99bcfd0bf1f906773e1ca
Reviewed-on: https://boringssl-review.googlesource.com/29593
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/handoff.cc b/ssl/handoff.cc
index 85f7f7d..68cac5b 100644
--- a/ssl/handoff.cc
+++ b/ssl/handoff.cc
@@ -165,7 +165,7 @@
!CBB_add_asn1_octet_string(&seq, read_iv, read_iv_len) ||
!CBB_add_asn1_octet_string(&seq, write_iv, write_iv_len) ||
!CBB_add_asn1_bool(&seq, s3->session_reused) ||
- !CBB_add_asn1_bool(&seq, s3->tlsext_channel_id_valid) ||
+ !CBB_add_asn1_bool(&seq, s3->channel_id_valid) ||
!ssl_session_serialize(session, &seq) ||
!CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),
s3->next_proto_negotiated.size()) ||
@@ -174,8 +174,8 @@
!CBB_add_asn1_octet_string(
&seq, reinterpret_cast<uint8_t *>(s3->hostname.get()),
hostname_len) ||
- !CBB_add_asn1_octet_string(&seq, s3->tlsext_channel_id,
- sizeof(s3->tlsext_channel_id)) ||
+ !CBB_add_asn1_octet_string(&seq, s3->channel_id,
+ sizeof(s3->channel_id)) ||
!CBB_add_asn1_bool(&seq, ssl->s3->token_binding_negotiated) ||
!CBB_add_asn1_uint64(&seq, ssl->s3->negotiated_token_binding_param) ||
!CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||
@@ -251,9 +251,9 @@
!CBS_get_asn1(&seq, &alpn, CBS_ASN1_OCTETSTRING) ||
!CBS_get_asn1(&seq, &hostname, CBS_ASN1_OCTETSTRING) ||
!CBS_get_asn1(&seq, &channel_id, CBS_ASN1_OCTETSTRING) ||
- CBS_len(&channel_id) != sizeof(s3->tlsext_channel_id) ||
- !CBS_copy_bytes(&channel_id, s3->tlsext_channel_id,
- sizeof(s3->tlsext_channel_id)) ||
+ CBS_len(&channel_id) != sizeof(s3->channel_id) ||
+ !CBS_copy_bytes(&channel_id, s3->channel_id,
+ sizeof(s3->channel_id)) ||
!CBS_get_asn1_bool(&seq, &token_binding_negotiated) ||
!CBS_get_asn1_uint64(&seq, &negotiated_token_binding_param) ||
!CBS_get_asn1_bool(&seq, &next_proto_neg_seen) ||
@@ -302,7 +302,7 @@
return false;
}
s3->session_reused = session_reused;
- s3->tlsext_channel_id_valid = channel_id_valid;
+ s3->channel_id_valid = channel_id_valid;
s3->next_proto_negotiated.CopyFrom(next_proto);
s3->alpn_selected.CopyFrom(alpn);
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index 5e3bf29..a99f87e 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -1396,12 +1396,12 @@
static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
// Resolve Channel ID first, before any non-idempotent operations.
- if (ssl->s3->tlsext_channel_id_valid) {
+ if (ssl->s3->channel_id_valid) {
if (!ssl_do_channel_id_callback(hs)) {
return ssl_hs_error;
}
- if (hs->config->tlsext_channel_id_private == NULL) {
+ if (hs->config->channel_id_private == NULL) {
hs->state = state_send_client_finished;
return ssl_hs_channel_id_lookup;
}
@@ -1431,7 +1431,7 @@
}
}
- if (ssl->s3->tlsext_channel_id_valid) {
+ if (ssl->s3->channel_id_valid) {
ScopedCBB cbb;
CBB body;
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CHANNEL_ID) ||
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index 4b6749f..48005b1 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -631,7 +631,7 @@
hs->cert_request = !!(hs->config->verify_mode & SSL_VERIFY_PEER);
// Only request a certificate if Channel ID isn't negotiated.
if ((hs->config->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
- ssl->s3->tlsext_channel_id_valid) {
+ ssl->s3->channel_id_valid) {
hs->cert_request = false;
}
// CertificateRequest may only be sent in certificate-based ciphers.
@@ -679,9 +679,9 @@
// We only accept ChannelIDs on connections with ECDHE in order to avoid a
// known attack while we fix ChannelID itself.
- if (ssl->s3->tlsext_channel_id_valid &&
+ if (ssl->s3->channel_id_valid &&
(hs->new_cipher->algorithm_mkey & SSL_kECDHE) == 0) {
- ssl->s3->tlsext_channel_id_valid = false;
+ ssl->s3->channel_id_valid = false;
}
// If this is a resumption and the original handshake didn't support
@@ -689,7 +689,7 @@
// session and so cannot resume with ChannelIDs.
if (ssl->session != NULL &&
ssl->session->original_handshake_hash_len == 0) {
- ssl->s3->tlsext_channel_id_valid = false;
+ ssl->s3->channel_id_valid = false;
}
struct OPENSSL_timeval now;
@@ -1363,7 +1363,7 @@
static enum ssl_hs_wait_t do_read_channel_id(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- if (!ssl->s3->tlsext_channel_id_valid) {
+ if (!ssl->s3->channel_id_valid) {
hs->state = state12_read_client_finished;
return ssl_hs_ok;
}
@@ -1400,7 +1400,7 @@
// If this is a full handshake with ChannelID then record the handshake
// hashes in |hs->new_session| in case we need them to verify a
// ChannelID signature on a resumption of this session in the future.
- if (ssl->session == NULL && ssl->s3->tlsext_channel_id_valid &&
+ if (ssl->session == NULL && ssl->s3->channel_id_valid &&
!tls1_record_handshake_hashes_for_channel_id(hs)) {
return ssl_hs_error;
}
diff --git a/ssl/internal.h b/ssl/internal.h
index cdb5cff..6b79870 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2163,9 +2163,8 @@
// In a client, this means that the server supported Channel ID and that a
// Channel ID was sent. In a server it means that we echoed support for
- // Channel IDs and that tlsext_channel_id will be valid after the
- // handshake.
- bool tlsext_channel_id_valid:1;
+ // Channel IDs and that |channel_id| will be valid after the handshake.
+ bool channel_id_valid:1;
// key_update_pending is true if we have a KeyUpdate acknowledgment
// outstanding.
@@ -2258,10 +2257,10 @@
UniquePtr<char> hostname;
// For a server:
- // If |tlsext_channel_id_valid| is true, then this contains the
+ // If |channel_id_valid| is true, then this contains the
// verified Channel ID from the client: a P256 point, (x,y), where
// each are big-endian values.
- uint8_t tlsext_channel_id[64] = {0};
+ uint8_t channel_id[64] = {0};
// Contains the QUIC transport params received by the peer.
Array<uint8_t> peer_quic_transport_params;
@@ -2450,7 +2449,7 @@
Array<uint16_t> supported_group_list; // our list
// The client's Channel ID private key.
- UniquePtr<EVP_PKEY> tlsext_channel_id_private;
+ UniquePtr<EVP_PKEY> channel_id_private;
// For a client, this contains the list of supported protocols in wire
// format.
@@ -2476,10 +2475,10 @@
// whether OCSP stapling will be requested.
bool ocsp_stapling_enabled:1;
- // tlsext_channel_id_enabled is copied from the |SSL_CTX|. For a server,
- // means that we'll accept Channel IDs from clients. For a client, means that
- // we'll advertise support.
- bool tlsext_channel_id_enabled:1;
+ // channel_id_enabled is copied from the |SSL_CTX|. For a server, means that
+ // we'll accept Channel IDs from clients. For a client, means that we'll
+ // advertise support.
+ bool channel_id_enabled:1;
// retain_only_sha256_of_client_certs is true if we should compute the SHA256
// hash of the peer's certificate and then discard it to save memory and
@@ -2749,8 +2748,8 @@
int tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg);
// tls1_write_channel_id generates a Channel ID message and puts the output in
-// |cbb|. |ssl->tlsext_channel_id_private| must already be set before calling.
-// This function returns true on success and false on error.
+// |cbb|. |ssl->channel_id_private| must already be set before calling. This
+// function returns true on success and false on error.
bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb);
// tls1_channel_id_hash computes the hash to be signed by Channel ID and writes
@@ -2762,7 +2761,7 @@
// ssl_do_channel_id_callback checks runs |hs->ssl->ctx->channel_id_cb| if
// necessary. It returns one on success and zero on fatal error. Note that, on
-// success, |hs->ssl->tlsext_channel_id_private| may be unset, in which case the
+// success, |hs->ssl->channel_id_private| may be unset, in which case the
// operation should be retried later.
int ssl_do_channel_id_callback(SSL_HANDSHAKE *hs);
@@ -2949,8 +2948,8 @@
uint16_t max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
// TLS extensions servername callback
- int (*tlsext_servername_callback)(SSL *, int *, void *) = nullptr;
- void *tlsext_servername_arg = nullptr;
+ int (*servername_callback)(SSL *, int *, void *) = nullptr;
+ void *servername_arg = nullptr;
// RFC 4507 session ticket keys. |ticket_key_current| may be NULL before the
// first handshake and |ticket_key_prev| may be NULL at any time.
@@ -3019,7 +3018,7 @@
bssl::Array<uint16_t> supported_group_list;
// The client's Channel ID private key.
- bssl::UniquePtr<EVP_PKEY> tlsext_channel_id_private;
+ bssl::UniquePtr<EVP_PKEY> channel_id_private;
// keylog_callback, if not NULL, is the key logging callback. See
// |SSL_CTX_set_keylog_callback|.
@@ -3063,10 +3062,10 @@
// If true, a client will request certificate timestamps.
bool signed_cert_timestamps_enabled:1;
- // tlsext_channel_id_enabled is whether Channel ID is enabled. For a server,
- // means that we'll accept Channel IDs from clients. For a client, means that
- // we'll advertise support.
- bool tlsext_channel_id_enabled:1;
+ // channel_id_enabled is whether Channel ID is enabled. For a server, means
+ // that we'll accept Channel IDs from clients. For a client, means that we'll
+ // advertise support.
+ bool channel_id_enabled:1;
// grease_enabled is whether draft-davidben-tls-grease-01 is enabled.
bool grease_enabled:1;
@@ -3171,7 +3170,7 @@
uint32_t options = 0; // protocol behaviour
uint32_t mode = 0; // API behaviour
uint32_t max_cert_list = 0;
- bssl::UniquePtr<char> tlsext_hostname;
+ bssl::UniquePtr<char> hostname;
// renegotiate_mode controls how peer renegotiation attempts are handled.
ssl_renegotiate_mode_t renegotiate_mode = ssl_renegotiate_never;
diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
index d6a25b7..9e4d7d8 100644
--- a/ssl/s3_lib.cc
+++ b/ssl/s3_lib.cc
@@ -173,7 +173,7 @@
initial_handshake_complete(false),
session_reused(false),
send_connection_binding(false),
- tlsext_channel_id_valid(false),
+ channel_id_valid(false),
key_update_pending(false),
wpend_pending(false),
early_data_accepted(false),
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 4e53e7c..7e26fa0 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -540,7 +540,7 @@
quiet_shutdown(false),
ocsp_stapling_enabled(false),
signed_cert_timestamps_enabled(false),
- tlsext_channel_id_enabled(false),
+ channel_id_enabled(false),
grease_enabled(false),
allow_unknown_alpn_protos(false),
ed25519_enabled(false),
@@ -691,9 +691,8 @@
ssl->config->psk_client_callback = ctx->psk_client_callback;
ssl->config->psk_server_callback = ctx->psk_server_callback;
- ssl->config->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
- ssl->config->tlsext_channel_id_private =
- UpRef(ctx->tlsext_channel_id_private);
+ ssl->config->channel_id_enabled = ctx->channel_id_enabled;
+ ssl->config->channel_id_private = UpRef(ctx->channel_id_private);
ssl->config->signed_cert_timestamps_enabled =
ctx->signed_cert_timestamps_enabled;
@@ -712,7 +711,7 @@
: ssl(ssl_arg),
signed_cert_timestamps_enabled(false),
ocsp_stapling_enabled(false),
- tlsext_channel_id_enabled(false),
+ channel_id_enabled(false),
retain_only_sha256_of_client_certs(false),
handoff(false),
shed_handshake_config(false) {
@@ -1827,8 +1826,8 @@
// Historically, |SSL_get_servername| was also the configuration getter
// corresponding to |SSL_set_tlsext_host_name|.
- if (ssl->tlsext_hostname != nullptr) {
- return ssl->tlsext_hostname.get();
+ if (ssl->hostname != nullptr) {
+ return ssl->hostname.get();
}
return ssl->s3->hostname.get();
@@ -1907,7 +1906,7 @@
}
int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
- ssl->tlsext_hostname.reset();
+ ssl->hostname.reset();
if (name == nullptr) {
return 1;
}
@@ -1917,8 +1916,8 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
- ssl->tlsext_hostname.reset(BUF_strdup(name));
- if (ssl->tlsext_hostname == nullptr) {
+ ssl->hostname.reset(BUF_strdup(name));
+ if (ssl->hostname == nullptr) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -1927,12 +1926,12 @@
int SSL_CTX_set_tlsext_servername_callback(
SSL_CTX *ctx, int (*callback)(SSL *ssl, int *out_alert, void *arg)) {
- ctx->tlsext_servername_callback = callback;
+ ctx->servername_callback = callback;
return 1;
}
int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
- ctx->tlsext_servername_arg = arg;
+ ctx->servername_arg = arg;
return 1;
}
@@ -2080,7 +2079,7 @@
}
void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx, int enabled) {
- ctx->tlsext_channel_id_enabled = !!enabled;
+ ctx->channel_id_enabled = !!enabled;
}
int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx) {
@@ -2092,7 +2091,7 @@
if (!ssl->config) {
return;
}
- ssl->config->tlsext_channel_id_enabled = !!enabled;
+ ssl->config->channel_id_enabled = !!enabled;
}
int SSL_enable_tls_channel_id(SSL *ssl) {
@@ -2113,8 +2112,8 @@
return 0;
}
- ctx->tlsext_channel_id_private = UpRef(private_key);
- ctx->tlsext_channel_id_enabled = true;
+ ctx->channel_id_private = UpRef(private_key);
+ ctx->channel_id_enabled = true;
return 1;
}
@@ -2128,18 +2127,17 @@
return 0;
}
- ssl->config->tlsext_channel_id_private = UpRef(private_key);
- ssl->config->tlsext_channel_id_enabled = true;
+ ssl->config->channel_id_private = UpRef(private_key);
+ ssl->config->channel_id_enabled = true;
return 1;
}
size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
- if (!ssl->s3->tlsext_channel_id_valid) {
+ if (!ssl->s3->channel_id_valid) {
return 0;
}
- OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id,
- (max_out < 64) ? max_out : 64);
+ OPENSSL_memcpy(out, ssl->s3->channel_id, (max_out < 64) ? max_out : 64);
return 64;
}
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index fab6afe..3cb1063 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -591,7 +591,7 @@
static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- if (ssl->tlsext_hostname == nullptr) {
+ if (ssl->hostname == nullptr) {
return true;
}
@@ -601,8 +601,8 @@
!CBB_add_u16_length_prefixed(&contents, &server_name_list) ||
!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name) ||
!CBB_add_u16_length_prefixed(&server_name_list, &name) ||
- !CBB_add_bytes(&name, (const uint8_t *)ssl->tlsext_hostname.get(),
- strlen(ssl->tlsext_hostname.get())) ||
+ !CBB_add_bytes(&name, (const uint8_t *)ssl->hostname.get(),
+ strlen(ssl->hostname.get())) ||
!CBB_flush(out)) {
return false;
}
@@ -1552,12 +1552,12 @@
// https://tools.ietf.org/html/draft-balfanz-tls-channelid-01
static void ext_channel_id_init(SSL_HANDSHAKE *hs) {
- hs->ssl->s3->tlsext_channel_id_valid = false;
+ hs->ssl->s3->channel_id_valid = false;
}
static bool ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- if (!hs->config->tlsext_channel_id_enabled || SSL_is_dtls(ssl)) {
+ if (!hs->config->channel_id_enabled || SSL_is_dtls(ssl)) {
return true;
}
@@ -1578,13 +1578,13 @@
}
assert(!SSL_is_dtls(ssl));
- assert(hs->config->tlsext_channel_id_enabled);
+ assert(hs->config->channel_id_enabled);
if (CBS_len(contents) != 0) {
return false;
}
- ssl->s3->tlsext_channel_id_valid = true;
+ ssl->s3->channel_id_valid = true;
return true;
}
@@ -1592,8 +1592,7 @@
uint8_t *out_alert,
CBS *contents) {
SSL *const ssl = hs->ssl;
- if (contents == NULL || !hs->config->tlsext_channel_id_enabled ||
- SSL_is_dtls(ssl)) {
+ if (contents == NULL || !hs->config->channel_id_enabled || SSL_is_dtls(ssl)) {
return true;
}
@@ -1601,13 +1600,13 @@
return false;
}
- ssl->s3->tlsext_channel_id_valid = true;
+ ssl->s3->channel_id_valid = true;
return true;
}
static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
SSL *const ssl = hs->ssl;
- if (!ssl->s3->tlsext_channel_id_valid) {
+ if (!ssl->s3->channel_id_valid) {
return true;
}
@@ -3396,12 +3395,11 @@
int ret = SSL_TLSEXT_ERR_NOACK;
int al = SSL_AD_UNRECOGNIZED_NAME;
- if (ssl->ctx->tlsext_servername_callback != 0) {
- ret = ssl->ctx->tlsext_servername_callback(ssl, &al,
- ssl->ctx->tlsext_servername_arg);
- } else if (ssl->session_ctx->tlsext_servername_callback != 0) {
- ret = ssl->session_ctx->tlsext_servername_callback(
- ssl, &al, ssl->session_ctx->tlsext_servername_arg);
+ if (ssl->ctx->servername_callback != 0) {
+ ret = ssl->ctx->servername_callback(ssl, &al, ssl->ctx->servername_arg);
+ } else if (ssl->session_ctx->servername_callback != 0) {
+ ret = ssl->session_ctx->servername_callback(
+ ssl, &al, ssl->session_ctx->servername_arg);
}
switch (ret) {
@@ -3759,11 +3757,11 @@
if (!sig_ok) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
- ssl->s3->tlsext_channel_id_valid = false;
+ ssl->s3->channel_id_valid = false;
return 0;
}
- OPENSSL_memcpy(ssl->s3->tlsext_channel_id, p, 64);
+ OPENSSL_memcpy(ssl->s3->channel_id, p, 64);
return 1;
}
@@ -3774,8 +3772,7 @@
return false;
}
- EC_KEY *ec_key =
- EVP_PKEY_get0_EC_KEY(hs->config->tlsext_channel_id_private.get());
+ EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(hs->config->channel_id_private.get());
if (ec_key == nullptr) {
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
return false;
@@ -3879,7 +3876,7 @@
}
int ssl_do_channel_id_callback(SSL_HANDSHAKE *hs) {
- if (hs->config->tlsext_channel_id_private != NULL ||
+ if (hs->config->channel_id_private != NULL ||
hs->ssl->ctx->channel_id_cb == NULL) {
return 1;
}
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index dd0977a..9fdd313 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -442,7 +442,7 @@
OPENSSL_PUT_ERROR(SSL, SSL_R_ALPN_MISMATCH_ON_EARLY_DATA);
return ssl_hs_error;
}
- if (ssl->s3->tlsext_channel_id_valid || hs->received_custom_extension ||
+ if (ssl->s3->channel_id_valid || hs->received_custom_extension ||
ssl->s3->token_binding_negotiated) {
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA);
return ssl_hs_error;
@@ -691,13 +691,13 @@
SSL *const ssl = hs->ssl;
// Send a Channel ID assertion if necessary.
- if (ssl->s3->tlsext_channel_id_valid) {
+ if (ssl->s3->channel_id_valid) {
if (!ssl_do_channel_id_callback(hs)) {
hs->tls13_state = state_complete_second_flight;
return ssl_hs_error;
}
- if (hs->config->tlsext_channel_id_private == NULL) {
+ if (hs->config->channel_id_private == NULL) {
return ssl_hs_channel_id_lookup;
}
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index a113504..67aa5d0 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -389,7 +389,7 @@
// The client must have offered early data.
hs->early_data_offered &&
// Channel ID is incompatible with 0-RTT.
- !ssl->s3->tlsext_channel_id_valid &&
+ !ssl->s3->channel_id_valid &&
// If Token Binding is negotiated, reject 0-RTT.
!ssl->s3->token_binding_negotiated &&
// Custom extensions is incompatible with 0-RTT.
@@ -596,7 +596,7 @@
hs->cert_request = !!(hs->config->verify_mode & SSL_VERIFY_PEER);
// Only request a certificate if Channel ID isn't negotiated.
if ((hs->config->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) &&
- ssl->s3->tlsext_channel_id_valid) {
+ ssl->s3->channel_id_valid) {
hs->cert_request = false;
}
}
@@ -852,7 +852,7 @@
static enum ssl_hs_wait_t do_read_channel_id(SSL_HANDSHAKE *hs) {
SSL *const ssl = hs->ssl;
- if (!ssl->s3->tlsext_channel_id_valid) {
+ if (!ssl->s3->channel_id_valid) {
hs->tls13_state = state_read_client_finished;
return ssl_hs_ok;
}