Commit 15d717f5 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Always require an advertised NewSessionTicket message. 



The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.

An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(cherry picked from commit de2c7504)

Conflicts:
	CHANGES
parent b8712b2b

CHANGES

+10 −6
Original line number Diff line number Diff line
@@ -9,6 +9,10 @@ 
      the extension anew in the ServerHello. Previously, a TLS client would

      reuse the old extension state and thus accept a session ticket if one was

      announced in the initial ServerHello.



      Similarly, ensure that the client requires a session ticket if one

      was advertised in the ServerHello. Previously, a TLS client would

      ignore a missing NewSessionTicket message.

      [Emilia Käsper]



 Changes between 1.0.1i and 1.0.1j [15 Oct 2014]

ssl/s3_clnt.c

+1 −12
Original line number Diff line number Diff line
@@ -2160,24 +2160,13 @@ int ssl3_get_new_session_ticket(SSL *s) 
	n=s->method->ssl_get_message(s,

		SSL3_ST_CR_SESSION_TICKET_A,

		SSL3_ST_CR_SESSION_TICKET_B,

		-1,

		SSL3_MT_NEWSESSION_TICKET,

		16384,

		&ok);



	if (!ok)

		return((int)n);



	if (s->s3->tmp.message_type == SSL3_MT_FINISHED)

		{

		s->s3->tmp.reuse_message=1;

		return(1);

		}

	if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)

		{

		al=SSL_AD_UNEXPECTED_MESSAGE;

		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);

		goto f_err;

		}

	if (n < 6)

		{

		/* need at least ticket_lifetime_hint + ticket length */