From 0c321950a0eaf1cbacf3771e68578db3909a255f Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 6 Oct 2017 11:16:17 +0200
Subject: handshake: treat reply to HRR as a reply to hello verify request

That is, re-use the client random value on the client hello which is a reply to a hello retry request.
Relates #299
Signed-off-by: Nikos Mavrogiannopoulos
---
lib/handshake.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/handshake.c b/lib/handshake.c
index d12e80e676..3746296d44 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1868,9 +1868,8 @@ static int send_client_hello(gnutls_session_t session, int again) /* Generate random data */ - if (!IS_DTLS(session) - || session->internals.dtls.hsk_hello_verify_requests == - 0) { + if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) && + !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) { ret = _gnutls_gen_client_random(session); if (ret < 0) return gnutls_assert_val(ret); -- cgit v1.2.1
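Review bot: The DTLS half of the new condition in send_client_hello is inverted relative to the removed code. The old test generated the client random when `hsk_hello_verify_requests == 0`, but `!(IS_DTLS(session) && ... == 0)` now skips `_gnutls_gen_client_random()` on the first DTLS ClientHello and calls it again on the reply to a HelloVerifyRequest. That is the opposite of the reuse the commit message describes. It also means the initial DTLS hello is sent with whatever the random field already holds, which this hunk does not show. The second line should read `!(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {`. The non-DTLS path with `HSK_HRR_RECEIVED` looks correct as written, and the function body continues outside the hunk.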