[PR3597] Advance to the next state variant when reusing messages.
Previously, state variant was not advanced, which resulted in state being stuck in the st1 variant (usually "_A"). This broke certificate callback retry logic when accepting connections that were using SSLv2 ClientHello (hence reusing the message), because their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required for the retry code path. Reported by Yichun Zhang (agentzh). Signed-off-by: Piotr Sikora <piotr@cloudflare.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Richard Levitte
parent
89e1e5c84d
commit
67a0ea702b
1 changed files with 1 additions and 0 deletions
|
|
@ -358,6 +358,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
|
||||||
goto f_err;
|
goto f_err;
|
||||||
}
|
}
|
||||||
*ok=1;
|
*ok=1;
|
||||||
|
s->state = stn;
|
||||||
s->init_msg = s->init_buf->data + 4;
|
s->init_msg = s->init_buf->data + 4;
|
||||||
s->init_num = (int)s->s3->tmp.message_size;
|
s->init_num = (int)s->s3->tmp.message_size;
|
||||||
return s->init_num;
|
return s->init_num;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue