diff options
author | Emilia Kasper <emilia@openssl.org> | 2014-11-19 15:56:27 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2014-11-20 14:57:15 +0100 |
commit | 7b3ba508af5c86afe43e28174aa3c53a0a24f4d9 (patch) | |
tree | 529681ed0a7f1dbee6c00c5bfd4905861a8ff3cb /ssl/s3_clnt.c | |
parent | a06cd5d056c6a5b1d161786873e21a5e53d554d8 (diff) |
Set s->hit when resuming from external pre-shared secret.
The same change was independently made in BoringSSL, see commit
9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/s3_clnt.c')
-rw-r--r-- | ssl/s3_clnt.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 98d775b91a..55f8f7b9a1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -984,6 +984,8 @@ int ssl3_get_server_hello(SSL *s) memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; + s->hit = 0; + /* get the session-id */ j= *(p++); @@ -1007,12 +1009,13 @@ int ssl3_get_server_hello(SSL *s) { s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, p+j); - s->s3->flags |= SSL3_FLAGS_CCS_OK; + s->hit = 1; + s->s3->flags |= SSL3_FLAGS_CCS_OK; } } #endif /* OPENSSL_NO_TLSEXT */ - if (j != 0 && j == s->session->session_id_length + if (!s->hit && j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) { if(s->sid_ctx_length != s->session->sid_ctx_length @@ -1026,11 +1029,11 @@ int ssl3_get_server_hello(SSL *s) s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } - else /* a miss or crap from the other end */ + /* a miss or crap from the other end */ + if (!s->hit) { /* If we were trying for session-id reuse, make a new * SSL_SESSION so we don't stuff up other people */ - s->hit=0; if (s->session->session_id_length > 0) { if (!ssl_get_new_session(s,0)) |