Avoid "excessive message size" for session tickets

We received a report of an "excessive message size" for a received session ticket. Our maximum size was significantly less than the theoretical maximum. The server may put any data it likes in the session ticket including (for example) the full certificate chain so we should be able to handle longer tickets. Update the value to the maximum allowed by the spec. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15877) (cherry picked from commit e54f0c9b2fe3dd2dcb5e8100e2c69e5b2f6eb681)
author: Matt Caswell <matt@openssl.org> 2021-06-23 08:54:12 +0100
committer: Matt Caswell <matt@openssl.org> 2021-07-12 10:01:59 +0100
commit: 5b71c677781ca260c8d9968c103d92c44d644007 (patch)
tree: c91de96a36bb921d02b84106a3301ad5148d0b09 /ssl/statem/statem_clnt.c
parent: ea26844c4f624ef515d9228d3b623761a369b049 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 5543e08c59..d1a3969812 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1001,7 +1001,8 @@ size_t ossl_statem_client_max_message_size(SSL *s)
         return CCS_MAX_LENGTH;
 
     case TLS_ST_CR_SESSION_TICKET:
-        return SSL3_RT_MAX_PLAIN_LENGTH;
+        return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13
+                                 : SESSION_TICKET_MAX_LENGTH_TLS12;
 
     case TLS_ST_CR_FINISHED:
         return FINISHED_MAX_LENGTH;
author	Matt Caswell <matt@openssl.org>	2021-06-23 08:54:12 +0100
committer	Matt Caswell <matt@openssl.org>	2021-07-12 10:01:59 +0100
commit	5b71c677781ca260c8d9968c103d92c44d644007 (patch)
tree	c91de96a36bb921d02b84106a3301ad5148d0b09 /ssl/statem/statem_clnt.c
parent	ea26844c4f624ef515d9228d3b623761a369b049 (diff)