Loading ssl/s3_clnt.c +22 −1 Original line number Diff line number Diff line Loading @@ -1844,7 +1844,28 @@ int ssl3_get_new_session_ticket(SSL *s) } memcpy(s->session->tlsext_tick, p, ticklen); s->session->tlsext_ticklen = ticklen; /* There are two ways to detect a resumed ticket sesion. * One is to set an appropriate session ID and then the server * must return a match in ServerHello. This allows the normal * client session ID matching to work and we know much * earlier that the ticket has been accepted. * * The other way is to set zero length session ID when the * ticket is presented and rely on the handshake to determine * session resumption. * * We choose the former approach because this fits in with * assumptions elsewhere in OpenSSL. The session ID is set * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the * ticket. */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, #ifndef OPENSSL_NO_SHA256 EVP_sha256(), NULL); #else EVP_sha1(), NULL); #endif ret=1; return(ret); f_err: Loading ssl/ssl_asn1.c +0 −26 Original line number Diff line number Diff line Loading @@ -244,12 +244,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.tlsext_tick.length= in->tlsext_ticklen; a.tlsext_tick.type=V_ASN1_OCTET_STRING; a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; /* If we have a ticket set session ID to empty because * it will be bogus. If liftime hint is -1 treat as a special * case because the session is being used as a container */ if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) a.session_id.length=0; } if (in->tlsext_tick_lifetime_hint > 0) { Loading Loading 
@@ -579,26 +573,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->tlsext_ticklen = os.length; os.data = NULL; os.length = 0; /* There are two ways to detect a resumed ticket sesion. * One is to set a random session ID and then the server * must return a match in ServerHello. This allows the normal * client session ID matching to work and we know much * earlier that the ticket has been accepted. * * The other way is to set zero length session ID when the * ticket is presented and rely on the handshake to determine * session resumption. */ if (ret->session_id_length == 0) { EVP_Digest(ret->tlsext_tick, ret->tlsext_ticklen, ret->session_id, &ret->session_id_length, #ifndef OPENSSL_NO_SHA256 EVP_sha256(), NULL); #else EVP_sha1(), NULL); #endif } } else ret->tlsext_tick=NULL; Loading Loading
ssl/s3_clnt.c +22 −1 Original line number Diff line number Diff line Loading @@ -1844,7 +1844,28 @@ int ssl3_get_new_session_ticket(SSL *s) } memcpy(s->session->tlsext_tick, p, ticklen); s->session->tlsext_ticklen = ticklen; /* There are two ways to detect a resumed ticket sesion. * One is to set an appropriate session ID and then the server * must return a match in ServerHello. This allows the normal * client session ID matching to work and we know much * earlier that the ticket has been accepted. * * The other way is to set zero length session ID when the * ticket is presented and rely on the handshake to determine * session resumption. * * We choose the former approach because this fits in with * assumptions elsewhere in OpenSSL. The session ID is set * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the * ticket. */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, #ifndef OPENSSL_NO_SHA256 EVP_sha256(), NULL); #else EVP_sha1(), NULL); #endif ret=1; return(ret); f_err: Loading
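Review bot: The return value of the added `EVP_Digest(...)` call in ssl3_get_new_session_ticket is ignored, so on a digest failure the function still reaches `ret=1` and `s->session->session_id` / `session_id_length` may keep whatever they held before. The new comment says that ID is what the client matches against ServerHello to recognise an accepted ticket. Wrap the call, with its arguments unchanged, as `if (!EVP_Digest(...)) goto f_err;`; the `f_err:` label is visible at the end of the hunk, but whether an alert value must be set before jumping there is outside it. The comment could also state that the digest output has to fit the `session_id` buffer: SHA-256 yields 32 bytes, presumably equal to `SSL_MAX_SSL_SESSION_ID_LENGTH`, whose declaration is not shown here. The wording "or SHA1 is SHA256 is disabled" should read "or SHA1 if SHA256 is disabled".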
ssl/ssl_asn1.c +0 −26 Original line number Diff line number Diff line Loading @@ -244,12 +244,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) a.tlsext_tick.length= in->tlsext_ticklen; a.tlsext_tick.type=V_ASN1_OCTET_STRING; a.tlsext_tick.data=(unsigned char *)in->tlsext_tick; /* If we have a ticket set session ID to empty because * it will be bogus. If liftime hint is -1 treat as a special * case because the session is being used as a container */ if (in->tlsext_ticklen && (in->tlsext_tick_lifetime_hint != -1)) a.session_id.length=0; } if (in->tlsext_tick_lifetime_hint > 0) { Loading Loading @@ -579,26 +573,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->tlsext_ticklen = os.length; os.data = NULL; os.length = 0; /* There are two ways to detect a resumed ticket sesion. * One is to set a random session ID and then the server * must return a match in ServerHello. This allows the normal * client session ID matching to work and we know much * earlier that the ticket has been accepted. * * The other way is to set zero length session ID when the * ticket is presented and rely on the handshake to determine * session resumption. */ if (ret->session_id_length == 0) { EVP_Digest(ret->tlsext_tick, ret->tlsext_ticklen, ret->session_id, &ret->session_id_length, #ifndef OPENSSL_NO_SHA256 EVP_sha256(), NULL); #else EVP_sha1(), NULL); #endif } } else ret->tlsext_tick=NULL; Loading