From 4102461dd621303d89a0f547cfec9d89f1db6113 Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Thu, 12 Mar 2026 17:31:43 +0100 Subject: [PATCH] BUG/MEDIUM: ssl: Don't report read data as early data with AWS-LC To read early data with AWS-LC (and BoringSSL), we have to use SSL_read(). But SSL_read() will also try to do the handshake if it hasn't been done yet, and at some point will do the handshake and will return data that are actually not early data. So use SSL_in_early_data() to make sure that the data we received are actually early data, and only if so add the CO_FL_EARLY_DATA flag. Otherwise any data first received will be considered early, and a Early-data header will be added. As this bug was introduced by 76ba026548975a6d1bc23d1344807c64d994bf1e, it should be backported with it. --- src/ssl_sock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 839aed94c..dcd3a231b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -6059,7 +6059,8 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag) ret = SSL_read(ctx->ssl, b_tail(&ctx->early_buf), b_room(&ctx->early_buf)); if (ret > 0) { - conn->flags |= CO_FL_EARLY_DATA; + if (SSL_in_early_data(ctx->ssl)) + conn->flags |= CO_FL_EARLY_DATA; b_add(&ctx->early_buf, ret); } else { int err = SSL_get_error(ctx->ssl, ret);