Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext.

This ensures that it's zeroed even if the SSL object is reused
(as in ssltest.c). It also ensures that it applies to DTLS, too.

Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c84c662dc85862807e1b8eb4c144866eb86d1986..98d775b91a2f50c32cf5a373545c34cd895c7173 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -226,14 +226,6 @@ int ssl3_connect(SSL *s)
                        s->renegotiate=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
-#ifndef OPENSSL_NO_TLSEXT
-                       /*
-                        * If renegotiating, the server may choose to not issue
-                        * a new ticket, so reset the flag. It will be set to
-                        * the right value when parsing ServerHello extensions.
-                        */
-                       s->tlsext_ticket_expected = 0;
-#endif
                        /* break */
                case SSL_ST_BEFORE:
                case SSL_ST_CONNECT:

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 149e7d6e115dc3f2ff45182f027a23ad5c0f1120..86203f1d2accfbbe8470216f6a6cdc8ee43ab834 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2504,6 +2504,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char
 #ifndef OPENSSL_NO_NEXTPROTONEG
        s->s3->next_proto_neg_seen = 0;
 #endif
+        s->tlsext_ticket_expected = 0;
 
        if (s->s3->alpn_selected)
                {