If tickets disabled behave as if no ticket received to support

stateful resume.

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 35f04afa4a72dc5ffc152b57adb7371ace33cfe3..9ce726996d9ddccd2851a14974ef41bfbabf8678 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -734,6 +734,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
        /* Point after session ID in client hello */
        const unsigned char *p = session_id + len;
        unsigned short i;
+
+       /* If tickets disabled behave as if no ticket present
+        * to permit stateful resumption.
+        */
+       if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+               return 1;
+
        if ((s->version <= SSL3_VERSION) || !limit)
                return 1;
        if (p >= limit)
@@ -761,12 +768,7 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                        return 1;
                if (type == TLSEXT_TYPE_session_ticket)
                        {
-                       /* If tickets disabled indicate cache miss which will
-                        * trigger a full handshake
-                        */
-                       if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-                               return 0;
-                       /* If zero length not client will accept a ticket
+                       /* If zero length note client will accept a ticket
                         * and indicate cache miss to trigger full handshake
                         */
                        if (size == 0)