From 424ecfb33ca412d8b8bc8edd531975a5440bc9ce Mon Sep 17 00:00:00 2001
From: Olivier Houchard
Date: Wed, 22 Nov 2017 19:12:10 +0100
Subject: [PATCH] MINOR: ssl: Don't disable early data handling if we could not write.

If we can't write early data, for some reason, don't give up on reading them, they may still be early data to be read, and if we don't do so, openssl internal states might be inconsistent, and the handshake will fail.
---
 src/ssl_sock.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b8793fce6..24bb36877 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5514,7 +5514,6 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
 if (try + conn->tmp_early_data > max_early) {
 try -= (try + conn->tmp_early_data) - max_early;
 if (try <= 0) {
- conn->flags &= ~CO_FL_EARLY_SSL_HS;
 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
 break;
 }