projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Set s->hit when resuming from external pre-shared secret.
[openssl.git] / ssl / s3_clnt.c
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 98d775b91a2f50c32cf5a373545c34cd895c7173..55f8f7b9a1c3006a49bc91dae19cb88743505282 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -984,6 +984,8 @@ int ssl3_get_server_hello(SSL *s)
        memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
        p+=SSL3_RANDOM_SIZE;
 
        memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
        p+=SSL3_RANDOM_SIZE;
 
+       s->hit = 0;
+
        /* get the session-id */
        j= *(p++);
 
        /* get the session-id */
        j= *(p++);
 
@@ -1007,12 +1009,13 @@ int ssl3_get_server_hello(SSL *s)
                        {
                        s->session->cipher = pref_cipher ?
                                pref_cipher : ssl_get_cipher_by_char(s, p+j);
                        {
                        s->session->cipher = pref_cipher ?
                                pref_cipher : ssl_get_cipher_by_char(s, p+j);
-                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
+                       s->hit = 1;
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        }
                }
 #endif /* OPENSSL_NO_TLSEXT */
 
                        }
                }
 #endif /* OPENSSL_NO_TLSEXT */
 
-       if (j != 0 && j == s->session->session_id_length
+       if (!s->hit && j != 0 && j == s->session->session_id_length
            && memcmp(p,s->session->session_id,j) == 0)
            {
            if(s->sid_ctx_length != s->session->sid_ctx_length
            && memcmp(p,s->session->session_id,j) == 0)
            {
            if(s->sid_ctx_length != s->session->sid_ctx_length
@@ -1026,11 +1029,11 @@ int ssl3_get_server_hello(SSL *s)
            s->s3->flags |= SSL3_FLAGS_CCS_OK;
            s->hit=1;
            }
            s->s3->flags |= SSL3_FLAGS_CCS_OK;
            s->hit=1;
            }
-       else    /* a miss or crap from the other end */
+       /* a miss or crap from the other end */
+       if (!s->hit)
                {
                /* If we were trying for session-id reuse, make a new
                 * SSL_SESSION so we don't stuff up other people */
                {
                /* If we were trying for session-id reuse, make a new
                 * SSL_SESSION so we don't stuff up other people */
-               s->hit=0;
                if (s->session->session_id_length > 0)
                        {
                        if (!ssl_get_new_session(s,0))
                if (s->session->session_id_length > 0)
                        {
                        if (!ssl_get_new_session(s,0))
Unnamed repository; edit this file 'description' to name the repository.