From 777e4b98a3252f89615d528f686087a9ab22d169 Mon Sep 17 00:00:00 2001
From: Olivier Houchard <ohouchard@haproxy.com>
Date: Wed, 22 Nov 2017 17:38:37 +0100
Subject: [PATCH] BUG/MINOR: ssl: Always start the handshake if we can't send
 early data.

The current code only tries to do the handshake in case we can't send early
data if we're acting as a client, which is wrong, it has to be done on the
server side too, or we end up in an infinite loop.
---
 src/ssl_sock.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d1977960c..b8793fce6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5514,10 +5514,8 @@ static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int fl
 			if (try + conn->tmp_early_data > max_early) {
 				try -= (try + conn->tmp_early_data) - max_early;
 				if (try <= 0) {
-					if (objt_server(conn->target)) {
-						conn->flags &= ~CO_FL_EARLY_SSL_HS;
-						conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
-					}
+					conn->flags &= ~CO_FL_EARLY_SSL_HS;
+					conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
 					break;
 				}
 			}