Fix SSL_set_session_ticket_ext when used with SSLv23_method
The function SSL_set_session_ticket_ext can be used to set custom session ticket data passed in the initial ClientHello. This can be particularly useful for EAP-FAST. However, when using SSLv23_method, the session does not get created until the ServerHello has been received. The extension code will only add the SessionTicket data to the ClientHello if a session already exists. Therefore SSL_set_session_ticket_ext has no impact when used in conjunction with SSLv23_method. The solution is to simply create the session during creation of the ClientHello instead of waiting for the ServerHello. This commit fixes the test failure introduced by the previous commit. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
parent
09368c044b
commit
f0348c842e
1 changed files with 5 additions and 14 deletions
|
@ -375,12 +375,13 @@ static int ssl23_client_hello(SSL *s)
|
||||||
|
|
||||||
buf = (unsigned char *)s->init_buf->data;
|
buf = (unsigned char *)s->init_buf->data;
|
||||||
if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
|
if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
|
||||||
#if 0
|
/*
|
||||||
/* don't reuse session-id's */
|
* Since we're sending s23 client hello, we're not reusing a session, as
|
||||||
|
* we'd be using the method from the saved session instead
|
||||||
|
*/
|
||||||
if (!ssl_get_new_session(s, 0)) {
|
if (!ssl_get_new_session(s, 0)) {
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
p = s->s3->client_random;
|
p = s->s3->client_random;
|
||||||
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
|
if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
|
||||||
|
@ -445,9 +446,6 @@ static int ssl23_client_hello(SSL *s)
|
||||||
/*
|
/*
|
||||||
* put in the session-id length (zero since there is no reuse)
|
* put in the session-id length (zero since there is no reuse)
|
||||||
*/
|
*/
|
||||||
#if 0
|
|
||||||
s->session->session_id_length = 0;
|
|
||||||
#endif
|
|
||||||
s2n(0, d);
|
s2n(0, d);
|
||||||
|
|
||||||
if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
|
if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
|
||||||
|
@ -796,13 +794,6 @@ static int ssl23_get_server_hello(SSL *s)
|
||||||
}
|
}
|
||||||
s->init_num = 0;
|
s->init_num = 0;
|
||||||
|
|
||||||
/*
|
|
||||||
* Since, if we are sending a ssl23 client hello, we are not reusing a
|
|
||||||
* session-id
|
|
||||||
*/
|
|
||||||
if (!ssl_get_new_session(s, 0))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
return (SSL_connect(s));
|
return (SSL_connect(s));
|
||||||
err:
|
err:
|
||||||
return (-1);
|
return (-1);
|
||||||
|
|
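Review bot: The session now created in `ssl23_client_hello` (first hunk) exists before the protocol version is negotiated, and nothing visible in the third hunk updates it once `ssl23_get_server_hello` has processed the ServerHello and reaches `return (SSL_connect(s));`. The body of `ssl_get_new_session` is not shown on this page; if it copies version- or method-dependent values into the session at creation time, they would reflect the pre-negotiation state, so that should be confirmed and the fields refreshed after negotiation if needed. The removal site would also benefit from a short comment such as `/* session already created in ssl23_client_hello so the SessionTicket extension can be sent */`, because the remaining code silently depends on `s->session` being non-NULL here. Both functions start and end outside the hunks shown.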