projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 51cbee3) | patch
RT2772: accept empty SessionTicket
authorEmilia Kasper <emilia@openssl.org>
Thu, 10 Sep 2015 14:32:51 +0000 (16:32 +0200)
committerEmilia Kasper <emilia@openssl.org>
Mon, 28 Sep 2015 14:00:25 +0000 (16:00 +0200)
commite711da714b0add2c9c3cb67a8c2500002fff9105
treeac9dc16c15de5c38f313eed7fbbbbf9a3db49e9atree | snapshot
parent51cbee35162aecb4ca37ea9688461c79f975aff5commit | diff
RT2772: accept empty SessionTicket

RFC 5077 section 3.3 says:
If the server determines that it does not want to include a
ticket after it has included the SessionTicket extension in the
ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.

Previously the client would fail upon attempting to allocate a
zero-length buffer. Now, we have the client ignore the empty ticket and
keep the existing session.

Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/s3_clnt.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.