Add extra validation parsing the server-to-client early_data extension Check that we actually resumed the session, and that we selected the first identity. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2737)

commit: 538bea6c8184670a8d1608ef288a4e1813dcefa6 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Fri Feb 24 10:29:20 2017 +0000
committer: Matt Caswell <matt@openssl.org> Thu Mar 02 17:44:15 2017 +0000
tree: a30fc283c59836aed3f3fabb35d318fe96ba69ff
parent: 329114f91f1a560bcf25ff2ebf5d608079e82272 [diff]
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 1dbc355..778d2c8 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c

@@ -931,10 +931,12 @@
         return 0;
     }
 
-    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) {
+    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED
+            || !s->hit
+            || s->session->ext.tick_identity != 0) {
         /*
-         * If we get here then we didn't send early data, so the server should
-         * not be accepting it.
+         * If we get here then we didn't send early data, or we didn't resume
+         * using the first identity so the server should not be accepting it.
          */
         *al = SSL_AD_ILLEGAL_PARAMETER;
         return 0;
commit	538bea6c8184670a8d1608ef288a4e1813dcefa6	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Fri Feb 24 10:29:20 2017 +0000
committer	Matt Caswell <matt@openssl.org>	Thu Mar 02 17:44:15 2017 +0000
tree	a30fc283c59836aed3f3fabb35d318fe96ba69ff
parent	329114f91f1a560bcf25ff2ebf5d608079e82272 [diff]