Commit c45d6b2b authored by David Benjamin's avatar David Benjamin Committed by Matt Caswell
Browse files

The NewSessionTicket message is not optional. 



Per RFC 4507, section 3.3:

   This message [NewSessionTicket] MUST be sent if the
   server included a SessionTicket extension in the ServerHello.  This
   message MUST NOT be sent if the server did not include a
   SessionTicket extension in the ServerHello.

The presence of the NewSessionTicket message should be determined
entirely from the ServerHello without probing.

RT#4389

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent afdd82fb

ssl/statem/statem_clnt.c

+5 −3
Original line number Diff line number Diff line
@@ -341,9 +341,11 @@ int ossl_statem_client_read_transition(SSL *s, int mt) 
        break;



    case TLS_ST_CW_FINISHED:

        if (mt == SSL3_MT_NEWSESSION_TICKET && s->tlsext_ticket_expected) {

        if (s->tlsext_ticket_expected) {

            if (mt == SSL3_MT_NEWSESSION_TICKET) {

                st->hand_state = TLS_ST_CR_SESSION_TICKET;

                return 1;

            }

        } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {

            st->hand_state = TLS_ST_CR_CHANGE;

            return 1;