Set s->hit when resuming from external pre-shared secret.
The same change was independently made in BoringSSL, see commit
9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 7b3ba508af)
This commit is contained in:
Emilia Kasper
parent
e2f69f5ce7
commit
1eaccbef57
1 changed files with 7 additions and 4 deletions
|
|
@ -880,6 +880,8 @@ int ssl3_get_server_hello(SSL *s)
|
|||
memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
|
||||
p+=SSL3_RANDOM_SIZE;
|
||||
|
||||
s->hit = 0;
|
||||
|
||||
/* get the session-id */
|
||||
j= *(p++);
|
||||
|
||||
|
|
@ -903,12 +905,13 @@ int ssl3_get_server_hello(SSL *s)
|
|||
{
|
||||
s->session->cipher = pref_cipher ?
|
||||
pref_cipher : ssl_get_cipher_by_char(s, p+j);
|
||||
s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
||||
s->hit = 1;
|
||||
s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
||||
}
|
||||
}
|
||||
#endif /* OPENSSL_NO_TLSEXT */
|
||||
|
||||
if (j != 0 && j == s->session->session_id_length
|
||||
if (!s->hit && j != 0 && j == s->session->session_id_length
|
||||
&& memcmp(p,s->session->session_id,j) == 0)
|
||||
{
|
||||
if(s->sid_ctx_length != s->session->sid_ctx_length
|
||||
|
|
@ -922,11 +925,11 @@ int ssl3_get_server_hello(SSL *s)
|
|||
s->s3->flags |= SSL3_FLAGS_CCS_OK;
|
||||
s->hit=1;
|
||||
}
|
||||
else /* a miss or crap from the other end */
|
||||
/* a miss or crap from the other end */
|
||||
if (!s->hit)
|
||||
{
|
||||
/* If we were trying for session-id reuse, make a new
|
||||
* SSL_SESSION so we don't stuff up other people */
|
||||
s->hit=0;
|
||||
if (s->session->session_id_length > 0)
|
||||
{
|
||||
if (!ssl_get_new_session(s,0))
|
||||
|
|
|
|||
Loading…
Reference in a new issue