diff options
| author | Richard Levitte <levitte@openssl.org> | 2014-11-28 20:40:10 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2014-11-28 23:31:53 +0100 |
| commit | d93112abc600066b636859bea55ba55701441452 (patch) | |
| tree | 5d1cb0fafffda4ab18690f8fc0f91256577b3b28 /ssl | |
| parent | 875a33d7f71295ab46e756b628a1e492215f7c8c (diff) | |
[PR3597] Advance to the next state variant when reusing messages.
Previously, state variant was not advanced, which resulted in state
being stuck in the st1 variant (usually "_A").
This broke certificate callback retry logic when accepting connections
that were using SSLv2 ClientHello (hence reusing the message), because
their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required
for the retry code path.
Reported by Yichun Zhang (agentzh).
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/s3_both.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 4801dbfb85..a920593966 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -408,6 +408,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) goto f_err; } *ok=1; + s->state = stn; s->init_msg = s->init_buf->data + 4; s->init_num = (int)s->s3->tmp.message_size; return s->init_num; |