From e2f69f5ce7aa36d98e3b24c2afe8be561226659c Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Wed, 19 Nov 2014 15:42:43 +0100 Subject: [PATCH] Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext. This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Reviewed-by: Matt Caswell (cherry picked from commit a06cd5d056c6a5b1d161786873e21a5e53d554d8) --- ssl/s3_clnt.c | 8 -------- ssl/t1_lib.c | 1 + 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 403b684205..4b86f17419 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -226,14 +226,6 @@ int ssl3_connect(SSL *s) s->renegotiate=1; s->state=SSL_ST_CONNECT; s->ctx->stats.sess_connect_renegotiate++; -#ifndef OPENSSL_NO_TLSEXT - /* - * If renegotiating, the server may choose to not issue - * a new ticket, so reset the flag. It will be set to - * the right value when parsing ServerHello extensions. - */ - s->tlsext_ticket_expected = 0; -#endif /* break */ case SSL_ST_BEFORE: case SSL_ST_CONNECT: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f5728c28d9..c7032f717d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1513,6 +1513,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in #ifndef OPENSSL_NO_NEXTPROTONEG s->s3->next_proto_neg_seen = 0; #endif + s->tlsext_ticket_expected = 0; #ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | -- 2.25.1