dtls13: wolfSSL_is_init_finished true after last server ACK

Do not consider the handshake finished until the last server ACK. This way the application knows where to switch from wolfSSL_negotiate/wolfSSL_connect to wolfSSL_read/wolfSSL_write.
2025-08-01 03:34:39 +02:00 · 2025-06-16 09:59:32 +02:00
parent 05ff12969e
commit 509491f554
2 changed files with 8 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12811,6 +12811,13 @@ cleanup:
        if (ssl == NULL)
            return 0;

+#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
+    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls
+            && IsAtLeastTLSv1_3(ssl->version)) {
+        return ssl->options.serverState == SERVER_FINISHED_ACKED;
+    }
+#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT */
+
        /* Can't use ssl->options.connectState and ssl->options.acceptState
         * because they differ in meaning for TLS <=1.2 and 1.3 */
        if (ssl->options.handShakeState == HANDSHAKE_DONE)
--- a/tests/api.c
+++ b/tests/api.c
@@ -66072,8 +66072,7 @@ static int test_dtls13_missing_finished_server(void)
    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
    /* Let's clear the output */
    test_memio_clear_buffer(&test_ctx, 0);
-    /* We should signal that the handshake is done */
-    ExpectTrue(wolfSSL_is_init_finished(ssl_c));
+    ExpectFalse(wolfSSL_is_init_finished(ssl_c));
    /* Let's send some app data */
    ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)),
                sizeof(test_str));