commit d816874c52418665cd348a3e2babd575686cf695
author Steven Valdez <svaldez@google.com> Thu Aug 31 10:15:48 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Aug 31 15:43:25 2017 +0000
tree 350a8c386886c0c6411672ef74b787283c5af90e
parent 1ab133a9daddd14cc6538b3c4a85c804f3647a26

Set SSL_in_init to false before new_session_cb.

This fixes a regression in Conscrypt added by
https://boringssl-review.googlesource.com/19144. SSL_get_session
otherwise attempts to return hs->new_session, but that has been released
at this point.

Change-Id: I55b41cbefb65b3ae3cfbfad72f6338bd66db3341
Reviewed-on: https://boringssl-review.googlesource.com/19904
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_lib.cc

diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index e210616..1f1461f 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -2336,7 +2336,11 @@
 }
 
 int SSL_in_init(const SSL *ssl) {
-  return ssl->s3->hs != NULL;
+  // This returns false once all the handshake state has been finalized, to
+  // allow callbacks and getters based on SSL_in_init to return the correct
+  // values.
+  SSL_HANDSHAKE *hs = ssl->s3->hs;
+  return hs != nullptr && !hs->handshake_finalized;
 }
 
 int SSL_in_false_start(const SSL *ssl) {