diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 020f06280..f39f78dc4 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -585,6 +585,10 @@ struct mbedtls_ssl_handshake_params
 /*!< Number of Hello Retry Request messages received from the server. */
 int hello_retry_request_count;
 #endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+ /*!< Number of Hello Retry Request messages sent by the server. */
+ int hello_retry_requests_sent;
+#endif /* MBEDTLS_SSL_SRV_C */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
 defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 0b3794756..be1277834 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -886,7 +886,7 @@ static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl,
 {
 int ret = 0;
- if( ssl->handshake->hello_retry_request_count == 0 &&
+ if( ssl->handshake->hello_retry_requests_sent == 0 &&
 ssl->conf->rr_config == MBEDTLS_SSL_FORCE_RR_CHECK_ON )
 {
 hrr_required = SSL_CLIENT_HELLO_HRR_REQUIRED;
@@ -946,7 +946,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 {
 /* start state */
 case MBEDTLS_SSL_HELLO_REQUEST:
- ssl->handshake->hello_retry_request_count = 0;
+ ssl->handshake->hello_retry_requests_sent = 0;
 mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_HELLO );
 break;
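Review bot: The new comment in `struct mbedtls_ssl_handshake_params` uses Doxygen's trailing marker `/*!<`, which documents the member before the comment, so placed above the declaration it would attach to the preceding member rather than to `hello_retry_requests_sent`. The client-side comment just above has the same shape, so this copies an existing pattern. A leading form such as `/** Number of Hello Retry Request messages sent by the server. */` would attach correctly. The comment could also state the expected range, presumably 0 or 1, since a TLS 1.3 server is expected to send at most one HelloRetryRequest per handshake. The struct body starts and ends outside the hunk.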
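Review bot: Nothing in the visible hunks increments `hello_retry_requests_sent`; it is only compared with 0 in `ssl_client_hello_postprocess` and reset in the `MBEDTLS_SSL_HELLO_REQUEST` case of `mbedtls_ssl_tls13_handshake_server_step`. If the server's HelloRetryRequest write path still updates `hello_retry_request_count`, that still compiles whenever MBEDTLS_SSL_CLI_C is also enabled and the new counter never leaves 0. With `MBEDTLS_SSL_FORCE_RR_CHECK_ON` the check would then require a retry for the second ClientHello as well, which a conforming client treats as a protocol error, so the handshake would fail. Please confirm that the path sending the HelloRetryRequest does `ssl->handshake->hello_retry_requests_sent++;`, and consider a build with only MBEDTLS_SSL_SRV_C defined to catch leftover references to the client field. Both function bodies extend beyond their hunks.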