libtls: Check for CHANGE_CIPHER_SPEC type only if upper layer returns NEED_MORE
[strongswan.git] / src / libtls / tls_protection.c
index b016db2..e73fedc 100644 (file)
@@ -101,14 +101,13 @@ METHOD(tls_protection_t, build, status_t,
        status_t status;
 
        status = this->compression->build(this->compression, type, data);
-       if (*type == TLS_CHANGE_CIPHER_SPEC)
-       {
-               this->seq_out = 0;
-               return status;
-       }
-
        if (status == NEED_MORE)
        {
+               if (*type == TLS_CHANGE_CIPHER_SPEC)
+               {
+                       this->seq_out = 0;
+                       return status;
+               }
                if (this->aead_out)
                {
                        if (!this->aead_out->encrypt(this->aead_out, this->version,