Commit ee4ffd6f authored Aug 13, 2015 by Matt Caswell

Fix DTLS session ticket renewal



A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: Tim Hudson <tjh@openssl.org>

parent d6dfa550

ssl/d1_clnt.c

+4 −0

Original line number	Original line	Diff line number	Diff line
	@@ -380,6 +380,10 @@ int dtls1_connect(SSL *s)
	#endif		#endif

	s->state = SSL3_ST_CR_CHANGE_A;		s->state = SSL3_ST_CR_CHANGE_A;
			if (s->tlsext_ticket_expected) {
			/* receive renewed session ticket */
			s->state = SSL3_ST_CR_SESSION_TICKET_A;
			}
	} else		} else
	s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;		s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
	}		}