diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4e2dae0ee8..1daa348f9c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -590,6 +590,7 @@ int SSL_clear(SSL *s)
 OPENSSL_free(s->psksession_id);
 s->psksession_id = NULL;
 s->psksession_id_len = 0;
+ s->hello_retry_request = 0;
 s->error = 0;
 s->hit = 0;
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 29660d59c4..45cb9ab092 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -311,7 +311,11 @@ static int state_machine(SSL *s, int server)
 st->in_handshake++;
 if (!SSL_in_init(s) || SSL_in_before(s)) {
- if (!SSL_clear(s))
+ /*
+ * If we are stateless then we already called SSL_clear() - don't do
+ * it again and clear the STATELESS flag itself.
+ */
+ if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
 return -1;
 }
 #ifndef OPENSSL_NO_SCTP
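Review bot: The new comment in state_machine() ends with "clear the STATELESS flag itself", but nothing in this hunk clears `TLS1_FLAGS_STATELESS`, and the wording does not say which code sets or resets it. If the flag were still set when the same SSL object begins a later handshake, the `SSL_clear()` reset would be skipped and state from the previous exchange would carry over, so the lifetime of the flag deserves to be spelled out. I would reword the comment to name the function that calls SSL_clear() and sets the flag, and the place where the flag is cleared again (presumably the stateless entry point, which is not visible here). The condition also reads `s->s3->flags` before any check on `s->s3`, which is fine only if every method that reaches this path allocates s3; worth confirming. state_machine's body starts and ends outside the hunk.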