author | David Benjamin <davidben@google.com> | 2016-03-05 19:35:52 -0500 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-05-13 13:04:46 +0100 |
commit | c45d6b2b0dc9a0b191fc3dcaad8035addd1589e6 (patch) | |
tree | 9f6deff2ed67450da7ea220275052929d108eb06 | |
parent | afdd82fb567dbcd003108eb5faab82998d9fbf4d (diff) |
The NewSessionTicket message is not optional.
Per RFC 4507, section 3.3:
This message [NewSessionTicket] MUST be sent if the
server included a SessionTicket extension in the ServerHello. This
message MUST NOT be sent if the server did not include a
SessionTicket extension in the ServerHello.
The presence of the NewSessionTicket message should be determined
entirely from the ServerHello without probing.
RT#4389
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
-rw-r--r-- | ssl/statem/statem_clnt.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4ede88ea2b..8da3e9b622 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -341,9 +341,11 @@ int ossl_statem_client_read_transition(SSL *s, int mt) break; case TLS_ST_CW_FINISHED: - if (mt == SSL3_MT_NEWSESSION_TICKET && s->tlsext_ticket_expected) { - st->hand_state = TLS_ST_CR_SESSION_TICKET; - return 1; + if (s->tlsext_ticket_expected) { + if (mt == SSL3_MT_NEWSESSION_TICKET) { + st->hand_state = TLS_ST_CR_SESSION_TICKET; + return 1; + } } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) { st->hand_state = TLS_ST_CR_CHANGE; return 1; |
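Review bot: In the `TLS_ST_CW_FINISHED` case, the new outer `if (s->tlsext_ticket_expected)` branch has no transition when `mt` is anything other than `SSL3_MT_NEWSESSION_TICKET`, so a ChangeCipherSpec that arrives while a ticket is expected now drops through to `break` without any visible handling. That is consistent with the commit message's reading of RFC 4507 section 3.3, but the intent cannot be read from the code itself. A short comment inside that branch, saying that NewSessionTicket is mandatory once the ServerHello carried the extension and that the fall-through to `break` is deliberate, would keep a later cleanup from folding the nested `if` back into the old `mt == SSL3_MT_NEWSESSION_TICKET && s->tlsext_ticket_expected` form. A regression test in which the server sends the SessionTicket extension and then skips NewSessionTicket would also pin the new behaviour down.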