openssl/ssl
Matt Caswell be8b8603d6 Fix DTLS session ticket renewal
A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ee4ffd6fcc)

Conflicts:
	ssl/d1_clnt.c
2015-08-26 10:27:35 +01:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
clienthellotest.c Add test for SSL_set_session_ticket_ext 2015-07-27 16:14:02 +01:00
d1_both.c Fix "make test" seg fault with SCTP enabled 2015-08-11 22:27:05 +01:00
d1_clnt.c Fix DTLS session ticket renewal 2015-08-26 10:27:35 +01:00
d1_enc.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_lib.c Clear state in DTLSv1_listen 2015-06-02 09:12:39 +01:00
d1_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_pkt.c Lost alert in DTLS 2015-05-22 10:24:49 +01:00
d1_srtp.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
d1_srvr.c Fix missing return value checks in SCTP 2015-08-11 22:27:05 +01:00
dtls1.h Fix d2i_SSL_SESSION for DTLS1_BAD_VER 2015-02-27 20:32:49 +00:00
heartbeat_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:22 +00:00
kssl.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
kssl.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
kssl_lcl.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
Makefile Add test for SSL_set_session_ticket_ext 2015-07-27 16:14:02 +01:00
s2_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s2_enc.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s2_lib.c Fix reachable assert in SSLv2 servers. 2015-03-19 12:59:31 +00:00
s2_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s2_pkt.c Add length sanity check in SSLv2 n_do_ssl_write() 2015-04-29 17:44:02 +01:00
s2_srvr.c Harden SSLv2-supporting servers against Bleichenbacher's attack. 2015-04-08 16:42:28 +02:00
s3_both.c Sanity check the return from final_finish_mac 2015-04-30 23:27:05 +01:00
s3_cbc.c Use CRYPTO_memcmp in s3_cbc.c 2015-06-08 15:05:08 +02:00
s3_clnt.c Fix seg fault with 0 p val in SKE 2015-08-11 20:23:00 +01:00
s3_enc.c Cleanse buffers 2015-03-11 10:49:22 +00:00
s3_lib.c Rerun util/openssl-format-source -v -c . 2015-01-22 09:38:49 +00:00
s3_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s3_pkt.c Don't send an alert if we've just received one 2015-05-25 23:11:02 +01:00
s3_srvr.c Fix PSK handling. 2015-07-02 13:04:25 +01:00
s23_clnt.c Fix SSL_set_session_ticket_ext when used with SSLv23_method 2015-07-27 16:47:00 +01:00
s23_lib.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s23_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s23_pkt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
s23_srvr.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
srtp.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl-lib.com Spaces were added in some strings for better readability. However, those spaces do not belong in file names, so when picking out the individual parts, remove the spaces 2014-10-15 10:49:24 +02:00
ssl.h Fix seg fault with 0 p val in SKE 2015-08-11 20:23:00 +01:00
ssl2.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl3.h Add test for SSL_set_session_ticket_ext 2015-07-27 16:14:02 +01:00
ssl23.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_algs.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_asn1.c Fix d2i_SSL_SESSION for DTLS1_BAD_VER 2015-02-27 20:32:49 +00:00
ssl_cert.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_ciph.c Remove export ciphers from the DEFAULT cipher list 2015-03-07 23:08:12 +01:00
ssl_err.c Fix seg fault with 0 p val in SKE 2015-08-11 20:23:00 +01:00
ssl_err2.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_lib.c Check sk_SSL_CIPHER_new_null return value 2015-05-11 11:54:10 +01:00
ssl_locl.h Fix race condition in NewSessionTicket 2015-06-02 12:44:40 +01:00
ssl_rsa.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_sess.c More ssl_session_dup fixes 2015-06-11 10:08:18 +01:00
ssl_stat.c Add Error state 2015-05-05 20:07:48 +01:00
ssl_task.c Re-align some comments after running the reformat script. 2015-01-22 09:39:01 +00:00
ssl_txt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssl_utst.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
ssltest.c Fix ssltest to use 1024-bit DHE parameters 2015-05-26 12:41:51 +02:00
t1_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
t1_enc.c Sanity check EVP_CTRL_AEAD_TLS_AAD 2015-04-30 23:26:06 +01:00
t1_lib.c Allow a zero length extension block 2015-06-12 15:45:17 +01:00
t1_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
t1_reneg.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
t1_srvr.c Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
tls1.h Run util/openssl-format-source -v -c . 2015-01-22 09:38:39 +00:00
tls_srp.c Code style: space after 'if' 2015-04-16 13:51:51 -04:00