diff options
author | Matt Caswell <matt@openssl.org> | 2018-05-09 18:22:36 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-05-11 14:51:09 +0100 |
commit | 61fb59238dad6452a37ec14513fae617a4faef29 (patch) | |
tree | 5737eeba510f7a64792d3ac007f794d62a2dcb8a /ssl/ssl_sess.c | |
parent | c20e3b282c26205f39a89a23664245475d4d7cbc (diff) |
Rework the decrypt ticket callback
Don't call the decrypt ticket callback if we've already encountered a
fatal error. Do call it if we have an empty ticket present.
Change the return code to have 5 distinct returns codes and separate it
from the input status value.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6198)
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- | ssl/ssl_sess.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index f936cb687f..541f82a851 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -485,9 +485,14 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) SSL_SESSION *ret = NULL; int fatal = 0, discard; int try_session_cache = 0; - SSL_TICKET_RETURN r; + SSL_TICKET_STATUS r; if (SSL_IS_TLS13(s)) { + /* + * By default we will send a new ticket. This can be overridden in the + * ticket processing. + */ + s->ext.ticket_expected = 1; if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, NULL, 0) |