Commit 59db06f1 authored by Matt Caswell's avatar Matt Caswell
Browse files

Update create_ssl_connection() to make sure its gets a session 



In TLSv1.3 the connection will be created before the session is
established. In OpenSSL we send the NewSessionTicket message immediately
after the client finished has been received. Therefore we change
create_ssl_connection() to attempt a read of application data after the
handshake has completed. We expect this to fail but it will force the
reading of the NewSessionTicket and the session to be set up.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)
parent 4b7ffd8b

test/ssltestlib.c

+17 −0
Original line number Diff line number Diff line
@@ -645,6 +645,8 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) 
{

    int retc = -1, rets = -1, err, abortctr = 0;

    int clienterr = 0, servererr = 0;

    unsigned char buf;

    size_t readbytes;



    do {

        err = SSL_ERROR_WANT_WRITE;
@@ -678,5 +680,20 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) 
        }

    } while (retc <=0 || rets <= 0);



    /*

     * We attempt to read some data on the client side which we expect to fail.

     * This will ensure we have received the NewSessionTicket in TLSv1.3 where

     * appropriate.

     */

    if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) {

        if (readbytes != 0) {

            printf("Unexpected success reading data %"OSSLzu"\n", readbytes);

            return 0;

        }

    } else if (SSL_get_error(clientssl, 0) != SSL_ERROR_WANT_READ) {

        printf("SSL_read_ex() failed\n");

        return 0;

    }



    return 1;

}