Commit 2f2295a5 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix DTLS session ticket renewal 



A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(cherry picked from commit ee4ffd6f)

Conflicts:
	ssl/d1_clnt.c
parent 8e0b56b9

ssl/d1_clnt.c

+4 −0
Original line number Diff line number Diff line
@@ -382,6 +382,10 @@ int dtls1_connect(SSL *s) 
#endif



                    s->state = SSL3_ST_CR_FINISHED_A;

                    if (s->tlsext_ticket_expected) {

                        /* receive renewed session ticket */

                        s->state = SSL3_ST_CR_SESSION_TICKET_A;

                    }

                } else

                    s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;

            }