1 files changed, 14 insertions, 9 deletions

diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 5071507bbd6..728d1a00c86 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.11 2019/02/25 16:39:14 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.12 2019/02/25 16:46:17 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -687,14 +687,6 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
 	if (!tls13_handshake_msg_finish(ctx->hs_msg))
 		goto err;
 
-	/*
-	 * Any records following the client finished message must be encrypted
-	 * using the client application traffic keys.
-	 */
-	if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
-	    &secrets->client_application_traffic))
-		goto err;
-
 	ret = 1;
 
  err:
@@ -702,3 +694,16 @@ tls13_client_finished_send(struct tls13_ctx *ctx)
 
 	return ret;
 }
+
+int
+tls13_client_finished_sent(struct tls13_ctx *ctx)
+{
+	struct tls13_secrets *secrets = ctx->hs->secrets;
+
+	/*
+	 * Any records following the client finished message must be encrypted
+	 * using the client application traffic keys.
+	 */
+	return tls13_record_layer_set_write_traffic_key(ctx->rl,
+	    &secrets->client_application_traffic);
+}