Update from stable branch.

author Dr. Stephen Henson <steve@openssl.org>

Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 74f5abe13c173781d5f6ff49c234677c128214cf..4ca47faf5117ff97553b3931e5aceb43acbe620b 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2918,7 +2918,11 @@ static int ssl3_check_finished(SSL *s)
         {
         int ok;
         long n;
-       if (!s->session->tlsext_tick)
+       /* If we have no ticket or session ID is non-zero length (a match of
+        * a non-zero session length would never reach here) it cannot be a
+        * resumed session.
+        */
+       if (!s->session->tlsext_tick || s->session->session_id_length)
                 return 1;
         /* this function is called when we really expect a Certificate
          * message, so permit appropriate message length */
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 29 Apr 2008 17:22:35 +0000 (17:22 +0000)