From c0b49ce443b9fe14b30857090fa6026788470fb3 Mon Sep 17 00:00:00 2001
From: John Bland
Date: Tue, 26 Sep 2023 18:03:15 -0400
Subject: [PATCH] stop double-populating the ech extension since that blows away the ech and it's current hpke context, causing the hrr handling to fail
---
 src/tls.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/tls.c b/src/tls.c
index 3edae684e..fc128aa58 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -11359,9 +11359,14 @@ static int TLSX_ECH_Use(WOLFSSL_EchConfig* echConfig, TLSX** extensions,
 {
 int ret = 0;
 int suiteIndex;
+ TLSX* echX;
 WOLFSSL_ECH* ech;
 if (extensions == NULL)
 return BAD_FUNC_ARG;
+ /* skip if we already have an ech extension, we will for hrr */
+ echX = TLSX_Find(*extensions, TLSX_ECH);
+ if (echX != NULL)
+ return 0;
 /* find a supported cipher suite */
 suiteIndex = EchConfigGetSupportedCipherSuite(echConfig);
 if (suiteIndex < 0)
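Review bot: The new early return in TLSX_ECH_Use keeps whatever TLSX_ECH entry is already in `*extensions` and reports success, without checking that the entry was built from the `echConfig` passed in or that the call is actually the HelloRetryRequest case the comment names. If an extension list can outlive a handshake or a change of ECH configs (not visible from this hunk), a stale ECH and its HPKE context would be reused silently, so it is worth either tying the skip to the HRR state or comparing the existing entry's config with `echConfig` before returning. The comment should also record the reason rather than only the case, for example `/* keep the existing ECH on HRR: rebuilding it would discard the HPKE context the second ClientHello must reuse */`. The function's signature starts before the hunk and its body continues after it, so the rest of the setup path could not be checked here.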