Update from stable branch.
parent
b664536914
commit
409e30479a
4 changed files with 18 additions and 7 deletions
|
@ -1225,6 +1225,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
|
|||
|
||||
if (s->s3->tmp.key_block == NULL)
|
||||
{
|
||||
if (s->session == NULL)
|
||||
{
|
||||
/* might happen if dtls1_read_bytes() calls this */
|
||||
SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
|
||||
return (0);
|
||||
}
|
||||
|
||||
s->session->cipher=s->s3->tmp.new_cipher;
|
||||
if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
|
||||
}
|
||||
|
|
|
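Review bot: The new guard in ssl3_do_change_cipher_spec rejects only `s->session == NULL`, so a session object that exists but has no master secret yet still passes and reaches `setup_key_block(s)`. The inline comment says this path can be entered from dtls1_read_bytes(), so within the visible lines this check is the only thing stopping a ChangeCipherSpec that arrives too early. Consider widening it to `if (s->session == NULL || s->session->master_key_length == 0)`, assuming the session structure records the master secret length here as it does elsewhere in the library. The function starts before and continues past the hunk, so any further state checks are not visible.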
@ -1709,6 +1709,7 @@ void ERR_load_SSL_strings(void);
|
|||
#define SSL_F_SSL3_CONNECT 132
|
||||
#define SSL_F_SSL3_CTRL 213
|
||||
#define SSL_F_SSL3_CTX_CTRL 133
|
||||
#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279
|
||||
#define SSL_F_SSL3_ENC 134
|
||||
#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
|
||||
#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* ssl/ssl_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||
{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
|
||||
{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
|
||||
{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
|
||||
{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
|
||||
{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
|
||||
{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
|
||||
|
|
14
ssl/t1_lib.c
14
ssl/t1_lib.c
|
@ -734,6 +734,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
|
|||
/* Point after session ID in client hello */
|
||||
const unsigned char *p = session_id + len;
|
||||
unsigned short i;
|
||||
|
||||
/* If tickets disabled behave as if no ticket present
|
||||
* to permit stateful resumption.
|
||||
*/
|
||||
if (SSL_get_options(s) & SSL_OP_NO_TICKET)
|
||||
return 1;
|
||||
|
||||
if ((s->version <= SSL3_VERSION) || !limit)
|
||||
return 1;
|
||||
if (p >= limit)
|
||||
|
@ -761,12 +768,7 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
|
|||
return 1;
|
||||
if (type == TLSEXT_TYPE_session_ticket)
|
||||
{
|
||||
/* If tickets disabled indicate cache miss which will
|
||||
* trigger a full handshake
|
||||
*/
|
||||
if (SSL_get_options(s) & SSL_OP_NO_TICKET)
|
||||
return 0;
|
||||
/* If zero length not client will accept a ticket
|
||||
/* If zero length note client will accept a ticket
|
||||
* and indicate cache miss to trigger full handshake
|
||||
*/
|
||||
if (size == 0)
|
||||
|
|
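Review bot: tls1_process_ticket's return codes are documented only by inline comments, and this change makes the distinction matter. With SSL_OP_NO_TICKET set, a ClientHello carrying a ticket extension used to end in `return 0` (cache miss, full handshake). It now returns 1 before any extension is parsed, so the caller presumably continues with the session-ID cache lookup. A short header comment on the function would make the contract explicit, for example `/* Returns 1: no usable ticket, continue with session-ID lookup; 0: cache miss, do a full handshake. */`, extended with whatever other values the unseen part of the function returns. The comment should also say that SSL_OP_NO_TICKET no longer forces a full handshake for ticket-offering clients, in case a deployment relied on that; the function starts and ends outside both hunks.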