diff options
author | Matt Caswell <matt@openssl.org> | 2015-08-13 10:06:30 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-08-26 10:17:49 +0100 |
commit | ee4ffd6fccd169775ba74afb1dbfecff48ee413d (patch) | |
tree | d87e737ddfe21647da4979f28e3e976561eeb344 | |
parent | d6dfa55038fdb948cb214adf634f379eeb859f5d (diff) |
Fix DTLS session ticket renewal
A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.
The bug can be demonstrated as follows:
Start a DTLS s_server instance:
openssl s_server -dtls
Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket
Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem
The client will abort the handshake.
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r-- | ssl/d1_clnt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index d4116147b4..083333eedb 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -380,6 +380,10 @@ int dtls1_connect(SSL *s) #endif s->state = SSL3_ST_CR_CHANGE_A; + if (s->tlsext_ticket_expected) { + /* receive renewed session ticket */ + s->state = SSL3_ST_CR_SESSION_TICKET_A; + } } else s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A; } |