tris: move Commit to just before key share generation

In particular move it to after cipher suite negotiation and after
HelloRetryRequest check.

13.go

@@ -53,6 +53,12 @@ CurvePreferenceLoop:
 		return errors.New("tls: HelloRetryRequest not implemented") // TODO(filippo)
 	}
 
+	if committer, ok := c.conn.(Committer); ok {
+		if err := committer.Commit(); err != nil {
+			return err
+		}
+	}
+
 	privateKey, serverKS, err := config.generateKeyShare(ks.group)
 	if err != nil {
 		c.sendAlert(alertInternalError)

handshake_server.go

@@ -160,6 +160,7 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
 
 	if c.config.GetConfigForClient != nil {
 		if newConfig, err := c.config.GetConfigForClient(hs.clientHelloInfo()); err != nil {
+			c.out.traceErr, c.in.traceErr = nil, nil // disable tracing
 			c.sendAlert(alertInternalError)
 			return false, err
 		} else if newConfig != nil {
@@ -287,21 +288,13 @@ Curves:
 
 	hs.cert, err = c.config.getCertificate(hs.clientHelloInfo())
 	if err != nil {
-		c.out.traceErr, c.in.traceErr = nil, nil // disable tracing
 		c.sendAlert(alertInternalError)
 		return false, err
 	}
-	if hs.clientHello.scts && hs.hello != nil { // TODO: TLS 1.3 SCTs
+	if hs.clientHello.scts && hs.hello != nil {
 		hs.hello.scts = hs.cert.SignedCertificateTimestamps
 	}
 
-	if committer, ok := c.conn.(Committer); ok { // TODO: probably committing too early
-		err = committer.Commit()
-		if err != nil {
-			return false, err
-		}
-	}
-
 	if priv, ok := hs.cert.PrivateKey.(crypto.Signer); ok {
 		switch priv.Public().(type) {
 		case *ecdsa.PublicKey: