From 7c717aafc6f65f855826a79c47398aa1e705e23e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 17 Oct 2007 11:27:25 +0000 Subject: [PATCH] Allow TLS tickets and session ID to both be present if lifetime hint is -1. This never happens in normal SSL sessions but can be useful if the session is being used as a "blob" to contain other data. --- ssl/ssl_asn1.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 8d9fb6d7d3..6e14f4d834 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -200,12 +200,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.tlsext_tick.type=V_ASN1_OCTET_STRING; a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; /* If we have a ticket set session ID to empty because - * it will be bogus. + * it will be bogus. If liftime hint is -1 treat as a special + * case because the session is being used as a container */ - if (in->tlsext_ticklen) + if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) a.session_id.length=0; } - if (in->tlsext_tick_lifetime_hint != 0) + if (in->tlsext_tick_lifetime_hint > 0) { a.tlsext_tick_lifetime.length=LSIZE2; a.tlsext_tick_lifetime.type=V_ASN1_INTEGER; @@ -235,7 +236,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); #ifndef OPENSSL_NO_TLSEXT - if (in->tlsext_tick_lifetime_hint) + if (in->tlsext_tick_lifetime_hint > 0) M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); if (in->tlsext_tick) M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); @@ -268,7 +269,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) #ifndef OPENSSL_NO_TLSEXT if (in->tlsext_hostname) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6); - if (in->tlsext_tick_lifetime_hint) + if (in->tlsext_tick_lifetime_hint > 0) M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9); if (in->tlsext_tick) M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10); @@ -464,8 +465,10 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip); OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } + else if (ret->tlsext_ticklen && ret->session_id_length) + ret->tlsext_tick_lifetime_hint = -1; else - ret->tlsext_tick_lifetime_hint=0; + ret->tlsext_tick_lifetime_hint = 0; os.length=0; os.data=NULL; M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);