diff options
author | Emilia Kasper <emilia@openssl.org> | 2014-11-19 16:40:27 +0100 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2014-11-20 14:57:15 +0100 |
commit | de2c7504ebd4ec15334ae151a31917753468f86f (patch) | |
tree | 851523cb1d61f74403e9ef4394d92a069ac9032a /ssl/s3_clnt.c | |
parent | 980bc1ec6114f5511b20c2e6ca741e61a39b99d6 (diff) |
Always require an advertised NewSessionTicket message.
The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.
An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/s3_clnt.c')
-rw-r--r-- | ssl/s3_clnt.c | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d5e79dfbe9..64439c164a 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2288,24 +2288,13 @@ int ssl3_get_new_session_ticket(SSL *s) n=s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, SSL3_ST_CR_SESSION_TICKET_B, - -1, + SSL3_MT_NEWSESSION_TICKET, 16384, &ok); if (!ok) return((int)n); - if (s->s3->tmp.message_type == SSL3_MT_FINISHED) - { - s->s3->tmp.reuse_message=1; - return(1); - } - if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE); - goto f_err; - } if (n < 6) { /* need at least ticket_lifetime_hint + ticket length */ |