stop double-populating the ech extension since that

blows away the ech and it's current hpke context, causing the hrr handling to fail
2023-09-26 18:03:15 -04:00
parent a23edb84d4
commit c0b49ce443
1 changed files with 5 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -11359,9 +11359,14 @@ static int TLSX_ECH_Use(WOLFSSL_EchConfig* echConfig, TLSX** extensions,
 {
    int ret = 0;
    int suiteIndex;
+    TLSX* echX;
    WOLFSSL_ECH* ech;
    if (extensions == NULL)
        return BAD_FUNC_ARG;
+    /* skip if we already have an ech extension, we will for hrr */
+    echX = TLSX_Find(*extensions, TLSX_ECH);
+    if (echX != NULL)
+        return 0;
    /* find a supported cipher suite */
    suiteIndex = EchConfigGetSupportedCipherSuite(echConfig);
    if (suiteIndex < 0)