Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset

once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit e94a6c0ede623960728415b68650a595e48f5a43)
author: Emilia Kasper <emilia@openssl.org> 2014-11-19 17:01:36 +0100
committer: Emilia Kasper <emilia@openssl.org> 2014-11-20 15:17:36 +0100
commit: e5f261df7369a8d1734045ed59e12b42142a9147 (patch)
tree: 7a149a3254d47240c1de4424e913f7ad4dd10fca /ssl/t1_lib.c
parent: 9baee0216fe3bf572435a867963bdeea8ad95b59 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 160ce7628a..8e802a2e3f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2560,7 +2560,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
 #ifndef OPENSSL_NO_NEXTPROTONEG
 	s->s3->next_proto_neg_seen = 0;
 #endif
-        s->tlsext_ticket_expected = 0;
+	s->tlsext_ticket_expected = 0;
 
 	if (s->s3->alpn_selected)
 		{
author	Emilia Kasper <emilia@openssl.org>	2014-11-19 17:01:36 +0100
committer	Emilia Kasper <emilia@openssl.org>	2014-11-20 15:17:36 +0100
commit	e5f261df7369a8d1734045ed59e12b42142a9147 (patch)
tree	7a149a3254d47240c1de4424e913f7ad4dd10fca /ssl/t1_lib.c
parent	9baee0216fe3bf572435a867963bdeea8ad95b59 (diff)