From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 7 Jun 2014 14:21:13 +0000 (+0100)
Subject: Make tls_session_secret_cb work with CVE-2014-0224 fix.
X-Git-Tag: OpenSSL_1_0_2-beta2~165
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a21f350a76b34b66dcaf9c1676baec945f32e980;p=oweals%2Fopenssl.git

Make tls_session_secret_cb work with CVE-2014-0224 fix.

If application uses tls_session_secret_cb for session resumption
set the CCS_OK flag.
(cherry picked from commit 953c592572e8811b7956cc09fbd8e98037068b58)
---

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 216b9c92eb..9cae0d15e6 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1031,6 +1031,7 @@ int ssl3_get_server_hello(SSL *s)
 			{
 			s->session->cipher = pref_cipher ?
 				pref_cipher : ssl_get_cipher_by_char(s, p+j);
+	    		s->s3->flags |= SSL3_FLAGS_CCS_OK;
 			}
 		}
 #endif /* OPENSSL_NO_TLSEXT */