From 434745dc193a7bbbc31f555ae36be95d48140d6e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 1 Feb 2010 16:51:09 +0000
Subject: [PATCH] PR: 2160 Submitted by: Robin Seggelmann
 <seggelmann@fh-muenster.de>

Make session tickets work with DTLS.
---
 ssl/d1_srvr.c  | 5 +++--
 ssl/ssl_asn1.c | 4 ++--
 ssl/ssl_sess.c | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 1fd3d1c5a5..301ceda7a5 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -1525,9 +1525,10 @@ int dtls1_send_newsession_ticket(SSL *s)
 		p += hlen;
 		/* Now write out lengths: p points to end of data written */
 		/* Total length */
-		len = p - (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+		len = p - (unsigned char *)(s->init_buf->data);
+		/* Ticket length */
 		p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
-		s2n(len - 18, p);  /* Ticket length */
+		s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
 
 		/* number of bytes to write */
 		s->init_num= len;
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index e484a2992d..28709978b5 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -394,7 +394,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 			((unsigned long)os.data[1]<< 8L)|
 			 (unsigned long)os.data[2];
 		}
-	else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
+	else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
 		{
 		if (os.length != 2)
 			{
@@ -415,7 +415,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	ret->cipher_id=id;
 
 	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-	if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
+	if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
 		i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
 	else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
 		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 348410e5c3..56b9e157ed 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -543,7 +543,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		p=buf;
 		l=ret->cipher_id;
 		l2n(l,p);
-		if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
+		if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
 		else 
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
-- 
2.40.0