Rework the decrypt ticket callback

Don't call the decrypt ticket callback if we've already encountered a fatal error. Do call it if we have an empty ticket present. Change the return code to have 5 distinct returns codes and separate it from the input status value. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
author: Matt Caswell <matt@openssl.org> 2018-05-09 18:22:36 +0100
committer: Matt Caswell <matt@openssl.org> 2018-05-11 14:51:09 +0100
commit: 61fb59238dad6452a37ec14513fae617a4faef29 (patch)
tree: 5737eeba510f7a64792d3ac007f794d62a2dcb8a /ssl/ssl_sess.c
parent: c20e3b282c26205f39a89a23664245475d4d7cbc (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index f936cb687f..541f82a851 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -485,9 +485,14 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
     SSL_SESSION *ret = NULL;
     int fatal = 0, discard;
     int try_session_cache = 0;
-    SSL_TICKET_RETURN r;
+    SSL_TICKET_STATUS r;
 
     if (SSL_IS_TLS13(s)) {
+        /*
+         * By default we will send a new ticket. This can be overridden in the
+         * ticket processing.
+         */
+        s->ext.ticket_expected = 1;
         if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
                                  SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
                                  NULL, 0)
author	Matt Caswell <matt@openssl.org>	2018-05-09 18:22:36 +0100
committer	Matt Caswell <matt@openssl.org>	2018-05-11 14:51:09 +0100
commit	61fb59238dad6452a37ec14513fae617a4faef29 (patch)
tree	5737eeba510f7a64792d3ac007f794d62a2dcb8a /ssl/ssl_sess.c
parent	c20e3b282c26205f39a89a23664245475d4d7cbc (diff)