diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2007-10-17 11:27:25 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2007-10-17 11:27:25 +0000 |
commit | 7c717aafc6f65f855826a79c47398aa1e705e23e (patch) | |
tree | 3f04869861f43c879fd5a91823025083fb18e696 /ssl/ssl_asn1.c | |
parent | 225aeb171e3b6c366b46eb4d5c865a2b95fe088a (diff) |
Allow TLS tickets and session ID to both be present if lifetime hint is -1.
This never happens in normal SSL sessions but can be useful if the session
is being used as a "blob" to contain other data.
Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- | ssl/ssl_asn1.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 8d9fb6d7d3..6e14f4d834 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -200,12 +200,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.tlsext_tick.type=V_ASN1_OCTET_STRING; a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; /* If we have a ticket set session ID to empty because - * it will be bogus. + * it will be bogus. If liftime hint is -1 treat as a special + * case because the session is being used as a container */ - if (in->tlsext_ticklen) + if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) a.session_id.length=0; } - if (in->tlsext_tick_lifetime_hint != 0) + if (in->tlsext_tick_lifetime_hint > 0) { a.tlsext_tick_lifetime.length=LSIZE2; a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; @@ -235,7 +236,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); #ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_tick_lifetime_hint) + if (in->tlsext_tick_lifetime_hint > 0) M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); if (in->tlsext_tick) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); @@ -268,7 +269,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) #ifndef OPENSSL_NO_TLSEXT if (in->tlsext_hostname) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); - if (in->tlsext_tick_lifetime_hint) + if (in->tlsext_tick_lifetime_hint > 0) M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); if (in->tlsext_tick) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); @@ -464,8 +465,10 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } + else if (ret->tlsext_ticklen && ret->session_id_length) + ret->tlsext_tick_lifetime_hint = -1; else - ret->tlsext_tick_lifetime_hint=0; + ret->tlsext_tick_lifetime_hint = 0; os.length=0; os.data=NULL; M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10); |