From a1dc0336dd482d0ce0e81d7847365de399899d5f Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 8 Nov 2009 14:30:22 +0000
Subject: Re-revert (re-insert?) temporary change that made renegotiation work
 again and add a proper fix: specifically if it is a new session don't send
 the old TLS ticket, send a zero length ticket to request a new session.

---
 ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ssl/t1_lib.c')

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c9a81f243d..247854e124 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -177,7 +177,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
 		{
 		int ticklen;
-		if (s->session && s->session->tlsext_tick)
+		if (!s->new_session && s->session && s->session->tlsext_tick)
 			ticklen = s->session->tlsext_ticklen;
 		else
 			ticklen = 0;
-- 
cgit v1.2.3