From 54834b4ad338b37df4f3744fb9fdf2a539a1bada Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Fri, 30 May 2025 11:08:42 +0200 Subject: [PATCH] wolfssl: fix sending of early data Early data was reported as being sent, but was not. While everything was aligned with the Gods and early data was reported as accepted, the actual sending required another call to wolfSSL. Fixes #17481 Reported-by: Ethan Everett Closes #17488 --- lib/vtls/wolfssl.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index fb27b543e4..a19b137092 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -509,7 +509,7 @@ static CURLcode wssl_on_session_reuse(struct Curl_cfilter *cf, *do_early_data = FALSE; #ifdef WOLFSSL_EARLY_DATA connssl->earlydata_max = wolfSSL_SESSION_get_max_early_data( - wolfSSL_get_session(wssl->ssl)); + wolfSSL_get_session(wssl->ssl)); #else (void)wssl; connssl->earlydata_max = 0; @@ -574,11 +574,19 @@ wssl_setup_session(struct Curl_cfilter *cf, if(result) goto out; } +#ifdef WOLFSSL_EARLY_DATA if(do_early_data) { + unsigned int edmax = (scs->earlydata_max < UINT_MAX) ? + (unsigned int)scs->earlydata_max : UINT_MAX; /* We only try the ALPN protocol the session used before, * otherwise we might send early data for the wrong protocol */ Curl_alpn_restrict_to(alpns, scs->alpn); + wolfSSL_set_max_early_data(wss->ssl, edmax); } +#else + /* Should never enable when not supported */ + DEBUGASSERT(!do_early_data); +#endif } } wolfSSL_SESSION_free(session); @@ -931,14 +939,6 @@ wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" #define QUIC_GROUPS "P-256:P-384:P-521" -#if defined(HAVE_SECRET_CALLBACK) -static void keylog_callback(const WOLFSSL *ssl, const char *line) -{ - (void)ssl; - Curl_tls_keylog_write_line(line); -} -#endif - CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx, struct Curl_cfilter *cf, struct Curl_easy *data,