Commit 21b538d6 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

RT2772: accept empty SessionTicket 



RFC 5077 section 3.3 says: If the server determines that it does not
want to include a ticket after it has included the SessionTicket
extension in the ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.

Previously the client would fail upon attempting to allocate a
zero-length buffer. Now, we have the client ignore the empty ticket and
keep the existing session.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent 92ea6fe5

ssl/s3_clnt.c

+15 −8
Original line number Diff line number Diff line
@@ -2224,6 +2224,7 @@ int ssl3_get_new_session_ticket(SSL *s) 
    long n;

    const unsigned char *p;

    unsigned char *d;

    unsigned long ticket_lifetime_hint;



    n = s->method->ssl_get_message(s,

                                   SSL3_ST_CR_SESSION_TICKET_A,
@@ -2242,6 +2243,19 @@ int ssl3_get_new_session_ticket(SSL *s) 


    p = d = (unsigned char *)s->init_msg;



    n2l(p, ticket_lifetime_hint);

    n2s(p, ticklen);

    /* ticket_lifetime_hint + ticket_length + ticket */

    if (ticklen + 6 != n) {

        al = SSL_AD_DECODE_ERROR;

        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);

        goto f_err;

    }



    /* Server is allowed to change its mind and send an empty ticket. */

    if (ticklen == 0)

        return 1;



    if (s->session->session_id_length > 0) {

        int i = s->session_ctx->session_cache_mode;

        SSL_SESSION *new_sess;
@@ -2273,14 +2287,6 @@ int ssl3_get_new_session_ticket(SSL *s) 
        s->session = new_sess;

    }



    n2l(p, s->session->tlsext_tick_lifetime_hint);

    n2s(p, ticklen);

    /* ticket_lifetime_hint + ticket_length + ticket */

    if (ticklen + 6 != n) {

        al = SSL_AD_DECODE_ERROR;

        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);

        goto f_err;

    }

    if (s->session->tlsext_tick) {

        OPENSSL_free(s->session->tlsext_tick);

        s->session->tlsext_ticklen = 0;
@@ -2291,6 +2297,7 @@ int ssl3_get_new_session_ticket(SSL *s) 
        goto err;

    }

    memcpy(s->session->tlsext_tick, p, ticklen);

    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;

    s->session->tlsext_ticklen = ticklen;

    /*

     * There are two ways to detect a resumed ticket session. One is to set