dtls13: wolfSSL_is_init_finished true after last server ACK

Do not consider the handshake finished until the last server ACK.
This way the application knows where to switch from
wolfSSL_negotiate/wolfSSL_connect to wolfSSL_read/wolfSSL_write.

Author: rizlik

src/ssl.c

@@ -12811,6 +12811,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         if (ssl == NULL)
             return 0;
 
+#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
+    if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls
+            && IsAtLeastTLSv1_3(ssl->version)) {
+        return ssl->options.serverState == SERVER_FINISHED_ACKED;
+    }
+#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT */
+
         /* Can't use ssl->options.connectState and ssl->options.acceptState
          * because they differ in meaning for TLS <=1.2 and 1.3 */
         if (ssl->options.handShakeState == HANDSHAKE_DONE)

tests/api.c

@@ -66072,8 +66072,7 @@ static int test_dtls13_missing_finished_server(void)
     ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
     /* Let's clear the output */
     test_memio_clear_buffer(&test_ctx, 0);
-    /* We should signal that the handshake is done */
-    ExpectTrue(wolfSSL_is_init_finished(ssl_c));
+    ExpectFalse(wolfSSL_is_init_finished(ssl_c));
     /* Let's send some app data */
     ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)),
                 sizeof(test_str));