diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-11-08 14:30:22 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-11-08 14:30:22 +0000 |
commit | a1dc0336dd482d0ce0e81d7847365de399899d5f (patch) | |
tree | dc2758d900a29b3ade0c65d9eb24cc31c34276ad /ssl | |
parent | d99a35f275be593de4f89cc94ac968f49dd66654 (diff) |
Re-revert (re-insert?) temporary change that made renegotiation work again
and add a proper fix: specifically if it is a new session don't send the old
TLS ticket, send a zero length ticket to request a new session.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_clnt.c | 23 | ||||
-rw-r--r-- | ssl/t1_lib.c | 2 |
2 files changed, 23 insertions, 2 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index a76162646e..9929d0c92c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1744,7 +1744,28 @@ int ssl3_get_new_session_ticket(SSL *s) } memcpy(s->session->tlsext_tick, p, ticklen); s->session->tlsext_ticklen = ticklen; - + /* There are two ways to detect a resumed ticket sesion. + * One is to set an appropriate session ID and then the server + * must return a match in ServerHello. This allows the normal + * client session ID matching to work and we know much + * earlier that the ticket has been accepted. + * + * The other way is to set zero length session ID when the + * ticket is presented and rely on the handshake to determine + * session resumption. + * + * We choose the former approach because this fits in with + * assumptions elsewhere in OpenSSL. The session ID is set + * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the + * ticket. + */ + EVP_Digest(p, ticklen, + s->session->session_id, &s->session->session_id_length, +#ifndef OPENSSL_NO_SHA256 + EVP_sha256(), NULL); +#else + EVP_sha1(), NULL); +#endif ret=1; return(ret); f_err: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index c9a81f243d..247854e124 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -177,7 +177,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { int ticklen; - if (s->session && s->session->tlsext_tick) + if (!s->new_session && s->session && s->session->tlsext_tick) ticklen = s->session->tlsext_ticklen; else ticklen = 0; |