projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 86de216) | patch
Fix DTLS session ticket renewal
authorMatt Caswell <matt@openssl.org>
Thu, 13 Aug 2015 09:06:30 +0000 (10:06 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 26 Aug 2015 09:27:35 +0000 (10:27 +0100)
commitbe8b8603d6789c1dcb058f167c8b54e3f4b928c9
tree57039e1116c1ba1367d98a1b0d325dd6ac88d466tree | snapshot
parent86de216da3ebea7f876a096e258cf4c9d219bc0acommit | diff
Fix DTLS session ticket renewal

A DTLS client will abort a handshake if the server attempts to renew the
session ticket. This is caused by a state machine discrepancy between DTLS
and TLS discovered during the state machine rewrite work.

The bug can be demonstrated as follows:

Start a DTLS s_server instance:
openssl s_server -dtls

Start a client and obtain a session but no ticket:
openssl s_client -dtls -sess_out session.pem -no_ticket

Now start a client reusing the session, but allow a ticket:
openssl s_client -dtls -sess_in session.pem

The client will abort the handshake.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ee4ffd6fccd169775ba74afb1dbfecff48ee413d)

Conflicts:
ssl/d1_clnt.c
ssl/d1_clnt.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.