diff options
| author | Richard Levitte <levitte@openssl.org> | 2014-11-28 20:40:10 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2014-11-28 23:31:45 +0100 |
| commit | 14e9a78d479ee4f41795732785d0e79fc4c63c2b (patch) | |
| tree | b9a67ff2b682b761e9d86ad96ac6d66b00a4cdce | |
| parent | 2aca9b272e347c671fa5cfdb375645ab8a9adc22 (diff) | |
[PR3597] Advance to the next state variant when reusing messages.
Previously, state variant was not advanced, which resulted in state
being stuck in the st1 variant (usually "_A").
This broke certificate callback retry logic when accepting connections
that were using SSLv2 ClientHello (hence reusing the message), because
their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required
for the retry code path.
Reported by Yichun Zhang (agentzh).
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
| -rw-r--r-- | ssl/s3_both.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 53b9390fdd..3581fbf4ff 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -439,6 +439,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) goto f_err; } *ok=1; + s->state = stn; s->init_msg = s->init_buf->data + 4; s->init_num = (int)s->s3->tmp.message_size; return s->init_num; |