When anti-replay protection is in use (early data enabled) we already cache the session server-side, so there is no point in issuing a full stateless ticket; behave as if SSL_OP_NO_TICKET were set and use a stateful ticket instead.
Fixes #6391
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6563)
uint32_t ticket_age = 0, now, agesec, agems;
int ret;
- if ((s->options & SSL_OP_NO_TICKET) != 0)
+ /*
+ * If we are using anti-replay protection then we behave as if
+ * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+ * is no point in using full stateless tickets.
+ */
+ if ((s->options & SSL_OP_NO_TICKET) != 0
+ || s->max_early_data > 0)
ret = tls_get_stateful_ticket(s, &identity, &sess);
else
ret = tls_decrypt_ticket(s, PACKET_data(&identity),
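Review bot: `s->max_early_data > 0` on the added line is used as a proxy for "anti-replay protection is active", but the two are not the same thing: if this revision lets an application keep early data enabled while opting out of the anti-replay cache (an option along the lines of SSL_OP_NO_ANTI_REPLAY, if it exists here), such a server is now forced onto stateful tickets even though nothing is being cached, losing the stateless-ticket scaling it asked for. The condition should then be `|| (s->max_early_data > 0 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))`, or the comment should state explicitly that early data always implies stateful tickets. Note also that the ticket type is decided independently at issue time and at resumption time from per-SSL state; if max_early_data differs between the SSL that issued the ticket and the one parsing the PSK, a stateful identifier reaches tls_decrypt_ticket (or a stateless ticket reaches tls_get_stateful_ticket) and resumption silently fails — worth a comment, e.g. `/* Must agree with the choice made in tls_construct_new_session_ticket() */`. The enclosing function starts before this hunk.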
tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
goto err;
- if ((s->options & SSL_OP_NO_TICKET) != 0 && SSL_IS_TLS13(s)) {
+ /*
+ * If we are using anti-replay protection then we behave as if
+ * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+ * is no point in using full stateless tickets.
+ */
+ if (((s->options & SSL_OP_NO_TICKET) != 0 || s->max_early_data > 0)
+ && SSL_IS_TLS13(s)) {
if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {
/* SSLfatal() already called */
goto err;
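Review bot: The stateful/stateless decision and its four-line comment are now duplicated verbatim here and in the PSK parsing code, and the two copies must stay in lock-step or resumption breaks; a single predicate in the shared statem header, `static ossl_inline int tls_use_stateful_ticket(const SSL *s) { return (s->options & SSL_OP_NO_TICKET) != 0 || s->max_early_data > 0; }`, called from both sites would make the coupling explicit and keep future changes (such as honouring an anti-replay opt-out) in one place. It would also be worth documenting at the API level that enabling early data now implies stateful tickets, since servers with the internal session cache disabled will otherwise find their early-data tickets no longer resume. The enclosing function continues beyond this hunk.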