From f7c7aa69f70089aeee3ff6c180ebcdf48c2a8808 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Wed, 19 Nov 2014 15:56:27 +0100 Subject: [PATCH] Set s->hit when resuming from external pre-shared secret. The same change was independently made in BoringSSL, see commit 9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67 Reviewed-by: Matt Caswell (cherry picked from commit 7b3ba508af5c86afe43e28174aa3c53a0a24f4d9) --- ssl/s3_clnt.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 16a39c824b..4cd7dc9c1b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -978,6 +978,8 @@ int ssl3_get_server_hello(SSL *s) memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; + s->hit = 0; + /* get the session-id */ j= *(p++); @@ -1001,12 +1003,13 @@ int ssl3_get_server_hello(SSL *s) { s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, p+j); - s->s3->flags |= SSL3_FLAGS_CCS_OK; + s->hit = 1; + s->s3->flags |= SSL3_FLAGS_CCS_OK; } } #endif /* OPENSSL_NO_TLSEXT */ - if (j != 0 && j == s->session->session_id_length + if (!s->hit && j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) { if(s->sid_ctx_length != s->session->sid_ctx_length @@ -1020,11 +1023,11 @@ int ssl3_get_server_hello(SSL *s) s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } - else /* a miss or crap from the other end */ + /* a miss or crap from the other end */ + if (!s->hit) { /* If we were trying for session-id reuse, make a new * SSL_SESSION so we don't stuff up other people */ - s->hit=0; if (s->session->session_id_length > 0) { if (!ssl_get_new_session(s,0)) -- 2.40.0