Set s->hit when resuming from external pre-shared secret.
[openssl.git] / ssl / s3_clnt.c
index 403b684..3a3b2a3 100644 (file)
@@ -226,14 +226,6 @@ int ssl3_connect(SSL *s)
                        s->renegotiate=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
-#ifndef OPENSSL_NO_TLSEXT
-                       /*
-                        * If renegotiating, the server may choose to not issue
-                        * a new ticket, so reset the flag. It will be set to
-                        * the right value when parsing ServerHello extensions.
-                        */
-                       s->tlsext_ticket_expected = 0;
-#endif
                        /* break */
                case SSL_ST_BEFORE:
                case SSL_ST_CONNECT:
@@ -888,6 +880,8 @@ int ssl3_get_server_hello(SSL *s)
        memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
        p+=SSL3_RANDOM_SIZE;
 
+       s->hit = 0;
+
        /* get the session-id */
        j= *(p++);
 
@@ -911,12 +905,13 @@ int ssl3_get_server_hello(SSL *s)
                        {
                        s->session->cipher = pref_cipher ?
                                pref_cipher : ssl_get_cipher_by_char(s, p+j);
-                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
+                       s->hit = 1;
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        }
                }
 #endif /* OPENSSL_NO_TLSEXT */
 
-       if (j != 0 && j == s->session->session_id_length
+       if (!s->hit && j != 0 && j == s->session->session_id_length
            && memcmp(p,s->session->session_id,j) == 0)
            {
            if(s->sid_ctx_length != s->session->sid_ctx_length
@@ -930,11 +925,11 @@ int ssl3_get_server_hello(SSL *s)
            s->s3->flags |= SSL3_FLAGS_CCS_OK;
            s->hit=1;
            }
-       else    /* a miss or crap from the other end */
+       /* a miss or crap from the other end */
+       if (!s->hit)
                {
                /* If we were trying for session-id reuse, make a new
                 * SSL_SESSION so we don't stuff up other people */
-               s->hit=0;
                if (s->session->session_id_length > 0)
                        {
                        if (!ssl_get_new_session(s,0))