From a1dc0336dd482d0ce0e81d7847365de399899d5f Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 8 Nov 2009 14:30:22 +0000
Subject: [PATCH] Re-revert (re-insert?) temporary change that made renegotiation work again and add a proper fix: specifically if it is a new session don't send the old TLS ticket, send a zero length ticket to request a new session.
---
 ssl/s3_clnt.c | 23 ++++++++++++++++++++++-
 ssl/t1_lib.c | 2 +-
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a76162646e..9929d0c92c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1744,7 +1744,28 @@ int ssl3_get_new_session_ticket(SSL *s)
 }
 memcpy(s->session->tlsext_tick, p, ticklen);
 s->session->tlsext_ticklen = ticklen;
-
+ /* There are two ways to detect a resumed ticket sesion.
+ * One is to set an appropriate session ID and then the server
+ * must return a match in ServerHello. This allows the normal
+ * client session ID matching to work and we know much
+ * earlier that the ticket has been accepted.
+ *
+ * The other way is to set zero length session ID when the
+ * ticket is presented and rely on the handshake to determine
+ * session resumption.
+ *
+ * We choose the former approach because this fits in with
+ * assumptions elsewhere in OpenSSL. The session ID is set
+ * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
+ * ticket.
+ */
+ EVP_Digest(p, ticklen,
+ s->session->session_id, &s->session->session_id_length,
+#ifndef OPENSSL_NO_SHA256
+ EVP_sha256(), NULL);
+#else
+ EVP_sha1(), NULL);
+#endif
 ret=1;
 return(ret);
 f_err:
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c9a81f243d..247854e124 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
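Review bot: The return value of `EVP_Digest()` in the added block of `ssl/s3_clnt.c` is ignored, so if the digest fails `session_id` and `session_id_length` keep whatever they held before while the function still sets `ret=1`. Since the added comment says the client relies on this ID to recognise a resumed ticket session, a stale or empty ID would presumably make that match unreliable; the call should be tested, e.g. `if (!EVP_Digest(...)) goto f_err;` with the alert set the way the function's other failure branches do (they lie outside the hunk, as does the start of `ssl3_get_new_session_ticket`). Selecting the digest into a local `const EVP_MD *` under the `#ifndef OPENSSL_NO_SHA256` before the call would also avoid splitting one call's argument list across preprocessor branches. The comment has two typos worth fixing: `sesion`, and `SHA1 is SHA256 is disabled`, which should read `SHA1 if SHA256 is disabled`.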
@@ -177,7 +177,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
 {
 int ticklen;
- if (s->session && s->session->tlsext_tick)
+ if (!s->new_session && s->session && s->session->tlsext_tick)
 ticklen = s->session->tlsext_ticklen;
 else
 ticklen = 0;
--
2.25.1
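Review bot: The new `!s->new_session` test on the `if` line carries no comment saying why a new session must not offer the stored ticket; the reason is only in the commit message. A line such as `/* New session (e.g. renegotiation): send a zero length ticket to request a fresh one instead of offering the old ticket. */` above the condition would keep that intent with the code. Because the other hunk of this patch derives the session ID from the ticket, it is also worth confirming that the ClientHello code outside this hunk does not still offer that ticket-derived session ID when `new_session` is set. The enclosing `if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))` block continues past the end of the hunk.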