Fix DTLS session resumption

The session object on the client side is initially created during construction of the ClientHello. If the client is DTLS1.2 capable then it will store 1.2 as the version for the session. However if the server is only DTLS1.0 capable then when the ServerHello comes back the client switches to using DTLS1.0 from then on. However the session version does not get updated. Therefore when the client attempts to resume that session the server throws an alert because of an incorrect protocol version. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-05-06 11:40:06 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-04 09:02:39 +0100
commit: 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 (patch)
tree: 28e26eaf0a364f5ec1834c3f3cdc889cd9effce6 /ssl
parent: 97cacc537eba474d27dea0f96796b3b754e60034 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d6f53b0dea..888fe4f541 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1036,7 +1036,7 @@ int ssl3_get_server_hello(SSL *s)
             al = SSL_AD_PROTOCOL_VERSION;
             goto f_err;
         }
-        s->version = s->method->version;
+        s->session->ssl_version = s->version = s->method->version;
     } else if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
         SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
         s->version = (s->version & 0xff00) | p[1];
author	Matt Caswell <matt@openssl.org>	2015-05-06 11:40:06 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-04 09:02:39 +0100
commit	7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 (patch)
tree	28e26eaf0a364f5ec1834c3f3cdc889cd9effce6 /ssl
parent	97cacc537eba474d27dea0f96796b3b754e60034 (diff)