From 64ec479559d359cb18cc9dc94b6503a624831eee Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Wed, 23 Sep 2015 19:29:18 +0200 Subject: [PATCH] RT2772: accept empty SessionTicket RFC 5077 section 3.3 says: If the server determines that it does not want to include a ticket after it has included the SessionTicket extension in the ServerHello, then it sends a zero-length ticket in the NewSessionTicket handshake message. Previously the client would fail upon attempting to allocate a zero-length buffer. Now, we have the client ignore the empty ticket and keep the existing session. Reviewed-by: Matt Caswell (cherry picked from commit 21b538d616b388fa0ce64ef54da3504253895cf8) --- ssl/s3_clnt.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index c89564b362..47b3189a78 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2134,6 +2134,7 @@ int ssl3_get_new_session_ticket(SSL *s) long n; const unsigned char *p; unsigned char *d; + unsigned long ticket_lifetime_hint; n = s->method->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A, @@ -2152,6 +2153,19 @@ int ssl3_get_new_session_ticket(SSL *s) p = d = (unsigned char *)s->init_msg; + n2l(p, ticket_lifetime_hint); + n2s(p, ticklen); + /* ticket_lifetime_hint + ticket_length + ticket */ + if (ticklen + 6 != n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + + /* Server is allowed to change its mind and send an empty ticket. */ + if (ticklen == 0) + return 1; + if (s->session->session_id_length > 0) { int i = s->session_ctx->session_cache_mode; SSL_SESSION *new_sess; @@ -2183,14 +2197,6 @@ int ssl3_get_new_session_ticket(SSL *s) s->session = new_sess; } - n2l(p, s->session->tlsext_tick_lifetime_hint); - n2s(p, ticklen); - /* ticket_lifetime_hint + ticket_length + ticket */ - if (ticklen + 6 != n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); - goto f_err; - } if (s->session->tlsext_tick) { OPENSSL_free(s->session->tlsext_tick); s->session->tlsext_ticklen = 0; @@ -2201,6 +2207,7 @@ int ssl3_get_new_session_ticket(SSL *s) goto err; } memcpy(s->session->tlsext_tick, p, ticklen); + s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint; s->session->tlsext_ticklen = ticklen; /* * There are two ways to detect a resumed ticket session. One is to set -- 2.25.1