Tolerate early ChangeCipherSpec in DTLS. This would only come up if the peer didn't pack records together, but it's free to handle. Notably OpenSSL has a bug where it does not pack retransmits together. Change-Id: I0927d768f6b50c62bacdd82bd1c95396ed503cf3 Reviewed-on: https://boringssl-review.googlesource.com/18724 Reviewed-by: David Benjamin <davidben@google.com>

commit: b0c761eb76009170d3d1963f868afa581102b921 [log] [tgz]
author: David Benjamin <davidben@google.com> Sun Jun 25 22:42:55 2017 -0400
committer: David Benjamin <davidben@google.com> Tue Aug 01 22:00:52 2017 +0000
tree: c866bdd907a38458d6c8d206e8257a5b0c8d75e7
parent: 27e377ec65d57589499c1dbabc6b74f6464f5d6d [diff] [blame]
diff --git a/ssl/test/runner/conn.go b/ssl/test/runner/conn.go
index 047c3c5..2332e6b 100644
--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go

@@ -1023,10 +1023,8 @@
 			newData[0] = msgType
 			data = newData
 		}
-	}
 
-	if msgType := c.config.Bugs.SendTrailingMessageData; msgType != 0 {
-		if typ == recordTypeHandshake && data[0] == msgType {
+		if c.config.Bugs.SendTrailingMessageData != 0 && msgType == c.config.Bugs.SendTrailingMessageData {
 			newData := make([]byte, len(data))
 			copy(newData, data)
 
@@ -1060,6 +1058,11 @@
 		}
 	}
 
+	// Flush buffered data before writing anything.
+	if err := c.flushHandshake(); err != nil {
+		return 0, err
+	}
+
 	return c.doWriteRecord(typ, data)
 }
commit	b0c761eb76009170d3d1963f868afa581102b921	[log] [tgz]
author	David Benjamin <davidben@google.com>	Sun Jun 25 22:42:55 2017 -0400
committer	David Benjamin <davidben@google.com>	Tue Aug 01 22:00:52 2017 +0000
tree	c866bdd907a38458d6c8d206e8257a5b0c8d75e7
parent	27e377ec65d57589499c1dbabc6b74f6464f5d6d [diff] [blame]