move compliance comment to where handshake is aborted

aws · Jul 6, 2022 · 9373fc8 · 9373fc8
1 parent 386e42e
commit 9373fc8
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/tls/s2n_server_hello_retry.c b/tls/s2n_server_hello_retry.c
@@ -94,11 +94,6 @@ int s2n_server_hello_retry_recv(struct s2n_connection *conn)
      *# and (2) the selected_group field does not
      *# correspond to a group which was provided in the "key_share" extension
      *# in the original ClientHello.
-     *
-     *= https://tools.ietf.org/rfc/rfc8446#section-4.1.4
-     *# Clients MUST abort the handshake with an
-     *# "illegal_parameter" alert if the HelloRetryRequest would not result
-     *# in any change in the ClientHello.
      **/
     bool new_key_share_requested = false;
     if (named_curve != NULL) {
@@ -116,6 +111,11 @@ int s2n_server_hello_retry_recv(struct s2n_connection *conn)
      *# If either of these checks fails, then
      *# the client MUST abort the handshake with an "illegal_parameter"
      *# alert.
+     * 
+     *= https://tools.ietf.org/rfc/rfc8446#section-4.1.4
+     *# Clients MUST abort the handshake with an
+     *# "illegal_parameter" alert if the HelloRetryRequest would not result
+     *# in any change in the ClientHello.
      **/
     POSIX_ENSURE(new_key_share_requested, S2N_ERR_INVALID_HELLO_RETRY);
     POSIX_ENSURE(selected_group_in_supported_groups, S2N_ERR_INVALID_HELLO_RETRY);