From 0c4e0f40a803412921241c3cb460045e7207180d Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Sun, 7 May 2023 11:17:37 +0200
Subject: ssl: Improve error information when middlebox assert fails

---
 lib/ssl/src/tls_client_connection_1_3.erl | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/ssl/src/tls_client_connection_1_3.erl b/lib/ssl/src/tls_client_connection_1_3.erl
index d5742ea390..8f7486d419 100644
--- a/lib/ssl/src/tls_client_connection_1_3.erl
+++ b/lib/ssl/src/tls_client_connection_1_3.erl
@@ -316,6 +316,10 @@ hello_middlebox_assert(enter, _, State) ->
     {keep_state, State};
 hello_middlebox_assert(internal, #change_cipher_spec{}, State) ->
     tls_gen_connection:next_event(wait_ee, no_record, State);
+hello_middlebox_assert(internal = Type, #encrypted_extensions{} = Msg,  #state{ssl_options = #{log_level := Level}} = State) ->
+    ssl_logger:log(warning, Level, #{description => "Failed to assert middlebox server message",
+                                     reason => [{missing, #change_cipher_spec{}}]}, ?LOCATION),
+    ssl_gen_statem:handle_common_event(Type, Msg, ?FUNCTION_NAME, State);
 hello_middlebox_assert(info, Msg, State) ->
     tls_gen_connection:handle_info(Msg, ?FUNCTION_NAME, State);
 hello_middlebox_assert(Type, Msg, State) ->
@@ -331,8 +335,10 @@ hello_retry_middlebox_assert(enter, _, State) ->
     {keep_state, State};
 hello_retry_middlebox_assert(internal, #change_cipher_spec{}, State) ->
     tls_gen_connection:next_event(wait_sh, no_record, State);
-hello_retry_middlebox_assert(internal, #server_hello{}, State) ->
-    tls_gen_connection:next_event(?FUNCTION_NAME, no_record, State, [postpone]);
+hello_retry_middlebox_assert(internal = Type, #server_hello{} = Msg, #state{ssl_options = #{log_level := Level}} = State) ->
+    ssl_logger:log(warning, Level, #{description => "Failed to assert middlebox server message",
+                                     reason => [{missing, #change_cipher_spec{}}]}, ?LOCATION),
+    ssl_gen_statem:handle_common_event(Type, Msg, ?FUNCTION_NAME, State);
 hello_retry_middlebox_assert(info, Msg, State) ->
     tls_gen_connection:handle_info(Msg, ?FUNCTION_NAME, State);
 hello_retry_middlebox_assert(Type, Msg, State) ->
-- 
cgit v1.2.1