From 66eba46c8efda6153f62d7bf090800c71c5eda4f Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Fri, 24 Nov 2017 21:20:27 +0900
Subject: [PATCH] fixup! nghttpx: Send nghttpx-0rtt-uniq header if request is replayable
---
 src/shrpx_connection.cc | 4 ++--
 src/shrpx_tls.cc | 9 +++++----
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc
index a98958cf..2662cdda 100644
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@@ -442,7 +442,7 @@ int Connection::tls_handshake() {
 rv = SSL_read_early_data(tls.ssl, buf.data(), buf.size(), &nread);
 if (rv == SSL_READ_EARLY_DATA_ERROR) {
- if (SSL_get_error(tls.ssl, rv) == SSL_ERROR_WANT_EARLY) {
+ if (SSL_get_error(tls.ssl, rv) == SSL_ERROR_WANT_CLIENT_HELLO_CB) {
 if (LOG_ENABLED(INFO)) {
 LOG(INFO) << "tls: early_cb returns negative return value; handshake "
@@ -510,7 +510,7 @@ int Connection::tls_handshake() {
 break;
 case SSL_ERROR_WANT_WRITE:
 #if OPENSSL_1_1_1_API
- case SSL_ERROR_WANT_EARLY:
+ case SSL_ERROR_WANT_CLIENT_HELLO_CB:
 #endif // OPENSSL_1_1_1_API
 break;
 case SSL_ERROR_SSL:
diff --git a/src/shrpx_tls.cc b/src/shrpx_tls.cc
index 89648b13..d7f44b76 100644
--- a/src/shrpx_tls.cc
+++ b/src/shrpx_tls.cc
@@ -550,15 +550,16 @@ int early_cb(SSL *ssl, int *al, void *arg) {
 const unsigned char *ext;
 size_t extlen;
- if (!SSL_early_get0_ext(conn->tls.ssl, TLSEXT_TYPE_early_data, &ext,
- &extlen)) {
+ if (!SSL_client_hello_get0_ext(conn->tls.ssl, TLSEXT_TYPE_early_data, &ext,
+ &extlen)) {
 if (LOG_ENABLED(INFO)) {
 LOG(INFO) << "early_data extension does not exist";
 }
 return 1;
 }
- if (!SSL_early_get0_ext(conn->tls.ssl, TLSEXT_TYPE_psk, &ext, &extlen)) {
+ if (!SSL_client_hello_get0_ext(conn->tls.ssl, TLSEXT_TYPE_psk, &ext,
+ &extlen)) {
 if (LOG_ENABLED(INFO)) {
 LOG(INFO) << "pre_shared_key extension does not exist";
 }
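Review bot: The two presence checks in early_cb in src/shrpx_tls.cc (early_data, then pre_shared_key) carry no comment saying why both extensions are probed. The renamed SSL_client_hello_get0_ext calls now read as generic ClientHello inspection, so the link to 0-RTT replay handling is easy to miss. Judging by the commit subject, the callback exists to spot replayable early-data requests, so I would add above the first check: `// TLS 1.3 early data is only offered together with a PSK; if either extension is absent the ClientHello carries no 0-RTT data and there is nothing replayable to track.` The fetched `ext`/`extlen` values appear to be used only as presence flags here, which the comment could also state if the code outside the hunk confirms it. early_cb starts before and continues after this hunk, so the return value of the pre_shared_key branch is not visible.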
@@ -1019,7 +1020,7 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
 SSL_CTX_set_info_callback(ssl_ctx, info_callback);
 #if OPENSSL_1_1_1_API
- SSL_CTX_set_early_cb(ssl_ctx, early_cb, nullptr);
+ SSL_CTX_set_client_hello_cb(ssl_ctx, early_cb, nullptr);
 #endif // OPENSSL_1_1_1_API
 #ifdef OPENSSL_IS_BORINGSSL