Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Only accept early data if using the first PSK
From TLS 1.3 RFC 8446 section 4.2.10: The PSK used to encrypt the early data MUST be the first PSK listed in the client's "pre_shared_key" extension. I noticed that later on in the code it only sets up the tls->pending_handshake_secret when accept_early_data && tls->ctx->max_early_data_size != 0 && psk_index == 0, so perhaps we don't need to do a check here, but I think it is still good to check it in the psk handshake.
- Loading branch information