Acknowledge KeyUpdate messages.
Also remove TODO about post-handshake authentication. The only sensible
way to handle unexpected post-handshake authentication is a fatal error
(dropping them would cause a deadlock), and we treat all post-handshake
authentication as unexpected.
BUG=74
Change-Id: Ic92035b26ddcbcf25241262ce84bcc57b736b7a7
Reviewed-on: https://boringssl-review.googlesource.com/14744
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index 9a523d4..8d38cda 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1633,10 +1633,15 @@
* handshake. */
unsigned tlsext_channel_id_valid:1;
+ /* key_update_pending is one if we have a KeyUpdate acknowledgment
+ * outstanding. */
+ unsigned key_update_pending:1;
+
uint8_t send_alert[2];
/* pending_flight is the pending outgoing flight. This is used to flush each
- * handshake flight in a single write. */
+ * handshake flight in a single write. |write_buffer| must be written out
+ * before this data. */
BUF_MEM *pending_flight;
/* pending_flight_offset is the number of bytes of |pending_flight| which have
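Review bot: the comment on key_update_pending (the bit-field added after tlsext_channel_id_valid) does not say which direction is outstanding or when the bit is cleared. "A KeyUpdate acknowledgment outstanding" can be read either as an acknowledgment we still owe the peer or as one we are waiting to receive. Going by the commit subject it is the former, so the comment should say that, and should state the point at which the bit is reset (for example, once the response has been written out). Because this is a single bit, it is also worth documenting what happens when further KeyUpdate requests arrive while it is set, since that behaviour decides whether a peer that never reads can make us queue responses without bound. On the pending_flight comment, the new ordering requirement relative to |write_buffer| is a useful invariant; consider naming the function that enforces it so the requirement can be checked from the header.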