field | value | date |
---|---|---|
author | Richard Levitte <levitte@openssl.org> | 2014-11-28 20:40:10 +0100 |
committer | Richard Levitte <levitte@openssl.org> | 2014-11-28 20:47:41 +0100 |
commit | 7a04b854d655785798d471df25ffd5036f3cc46b | |
tree | 808035b82fdd8636b6ebc1773d9f491377d7611f /ssl | |
parent | 8123d158ab6f0a6a468748c133e33c2063ff36b5 | |

[PR3597] Advance to the next state variant when reusing messages.

Previously, state variant was not advanced, which resulted in state
being stuck in the st1 variant (usually "_A").

This broke certificate callback retry logic when accepting connections
that were using SSLv2 ClientHello (hence reusing the message), because
their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required
for the retry code path.

Reported by Yichun Zhang (agentzh).

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_both.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index beef06f96b..b110e3c361 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -358,6 +358,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) goto f_err; } *ok=1; + s->state = stn; s->init_msg = s->init_buf->data + 4; s->init_num = (int)s->s3->tmp.message_size; return s->init_num; |
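
Review bot: the added `s->state = stn;` in ssl3_get_message, between `*ok=1;` and the `s->init_msg` assignment, carries no comment, so nothing in the code records why the path that hands back a reused message must leave the handshake in the `stn` variant. A one-line comment tying it to the retry case in the commit message (a caller that re-enters and expects the state to be past `st1`) would keep a later cleanup from dropping the assignment. The diffstat shows only ssl/s3_both.c changed, so a regression test for an SSLv2 ClientHello combined with a certificate callback retry would be worth adding with this fix.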