[PR3597] Advance to the next state variant when reusing messages.

Previously, state variant was not advanced, which resulted in state being stuck in the st1 variant (usually "_A"). This broke certificate callback retry logic when accepting connections that were using SSLv2 ClientHello (hence reusing the message), because their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required for the retry code path. Reported by Yichun Zhang (agentzh). Signed-off-by: Piotr Sikora <piotr@cloudflare.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2014-11-28 20:40:10 +0100
committer: Richard Levitte <levitte@openssl.org> 2014-11-28 20:47:41 +0100
commit: 7a04b854d655785798d471df25ffd5036f3cc46b (patch)
tree: 808035b82fdd8636b6ebc1773d9f491377d7611f /ssl/s3_both.c
parent: 8123d158ab6f0a6a468748c133e33c2063ff36b5 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index beef06f96b..b110e3c361 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -358,6 +358,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 			goto f_err;
 			}
 		*ok=1;
+		s->state = stn;
 		s->init_msg = s->init_buf->data + 4;
 		s->init_num = (int)s->s3->tmp.message_size;
 		return s->init_num;
author	Richard Levitte <levitte@openssl.org>	2014-11-28 20:40:10 +0100
committer	Richard Levitte <levitte@openssl.org>	2014-11-28 20:47:41 +0100
commit	7a04b854d655785798d471df25ffd5036f3cc46b (patch)
tree	808035b82fdd8636b6ebc1773d9f491377d7611f /ssl/s3_both.c
parent	8123d158ab6f0a6a468748c133e33c2063ff36b5 (diff)