Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.
This commit is contained in:
parent
3f98e1dd11
commit
f8845509b6
3 changed files with 23 additions and 12 deletions
6
CHANGES
6
CHANGES
|
@ -6,11 +6,13 @@
|
||||||
|
|
||||||
*) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
|
*) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
|
||||||
should end in 'break', not 'goto end' which circuments various
|
should end in 'break', not 'goto end' which circuments various
|
||||||
cleanups.
|
cleanups done in state SSL_ST_OK. But session related stuff
|
||||||
|
must be disabled for SSL_ST_OK in the case that we just sent a
|
||||||
|
HelloRequest.
|
||||||
|
|
||||||
Also avoid some overhead by not calling ssl_init_wbio_buffer()
|
Also avoid some overhead by not calling ssl_init_wbio_buffer()
|
||||||
before just sending a HelloRequest.
|
before just sending a HelloRequest.
|
||||||
[Bodo Moeller]
|
[Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
|
||||||
|
|
||||||
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
|
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
|
||||||
reveal whether illegal block cipher padding was found or a MAC
|
reveal whether illegal block cipher padding was found or a MAC
|
||||||
|
|
|
@ -167,6 +167,7 @@ int ssl3_accept(SSL *s)
|
||||||
long num1;
|
long num1;
|
||||||
int ret= -1;
|
int ret= -1;
|
||||||
int new_state,state,skip=0;
|
int new_state,state,skip=0;
|
||||||
|
int got_new_session=0;
|
||||||
|
|
||||||
RAND_add(&Time,sizeof(Time),0);
|
RAND_add(&Time,sizeof(Time),0);
|
||||||
ERR_clear_error();
|
ERR_clear_error();
|
||||||
|
@ -279,6 +280,7 @@ int ssl3_accept(SSL *s)
|
||||||
s->shutdown=0;
|
s->shutdown=0;
|
||||||
ret=ssl3_get_client_hello(s);
|
ret=ssl3_get_client_hello(s);
|
||||||
if (ret <= 0) goto end;
|
if (ret <= 0) goto end;
|
||||||
|
got_new_session=1;
|
||||||
s->state=SSL3_ST_SW_SRVR_HELLO_A;
|
s->state=SSL3_ST_SW_SRVR_HELLO_A;
|
||||||
s->init_num=0;
|
s->init_num=0;
|
||||||
break;
|
break;
|
||||||
|
@ -509,18 +511,23 @@ int ssl3_accept(SSL *s)
|
||||||
/* remove buffering on output */
|
/* remove buffering on output */
|
||||||
ssl_free_wbio_buffer(s);
|
ssl_free_wbio_buffer(s);
|
||||||
|
|
||||||
s->new_session=0;
|
|
||||||
s->init_num=0;
|
s->init_num=0;
|
||||||
|
|
||||||
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
|
if (got_new_session) /* skipped if we just sent a HelloRequest */
|
||||||
|
{
|
||||||
s->ctx->stats.sess_accept_good++;
|
/* actually not necessarily a 'new' session */
|
||||||
/* s->server=1; */
|
|
||||||
s->handshake_func=ssl3_accept;
|
s->new_session=0;
|
||||||
ret=1;
|
|
||||||
|
ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
|
||||||
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
|
|
||||||
|
s->ctx->stats.sess_accept_good++;
|
||||||
|
/* s->server=1; */
|
||||||
|
s->handshake_func=ssl3_accept;
|
||||||
|
|
||||||
|
if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
|
||||||
|
}
|
||||||
|
|
||||||
goto end;
|
goto end;
|
||||||
/* break; */
|
/* break; */
|
||||||
|
|
||||||
|
|
|
@ -583,7 +583,9 @@ struct ssl_st
|
||||||
|
|
||||||
int server; /* are we the server side? - mostly used by SSL_clear*/
|
int server; /* are we the server side? - mostly used by SSL_clear*/
|
||||||
|
|
||||||
int new_session;/* 1 if we are to use a new session */
|
int new_session;/* 1 if we are to use a new session.
|
||||||
|
* NB: For servers, the 'new' session may actually be a previously
|
||||||
|
* cached session or even the previous session */
|
||||||
int quiet_shutdown;/* don't send shutdown packets */
|
int quiet_shutdown;/* don't send shutdown packets */
|
||||||
int shutdown; /* we have shut things down, 0x01 sent, 0x02
|
int shutdown; /* we have shut things down, 0x01 sent, 0x02
|
||||||
* for received */
|
* for received */
|
||||||
|
|
Loading…
Reference in a new issue