Fix from stable branch.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 3 Sep 2008 22:17:11 +0000 (22:17 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 3 Sep 2008 22:17:11 +0000 (22:17 +0000)
ssl/ssl_sess.c
ssl/t1_lib.c

index c5ca1c2..1378f76 100644 (file)
@@ -438,7 +438,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                fatal = 1;
                goto err;
                }
-       else if (r == 0 || (!ret || !len))
+       else if (r == 0 || (!ret && !len))
                goto err;
        else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
index bde52b1..dc0396c 100644 (file)
@@ -1388,6 +1388,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
        /* Point after session ID in client hello */
        const unsigned char *p = session_id + len;
        unsigned short i;
+
+       /* If tickets disabled behave as if no ticket present
+        * to permit stateful resumption.
+        */
+       if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+               return 1;
+
        if ((s->version <= SSL3_VERSION) || !limit)
                return 1;
        if (p >= limit)
@@ -1419,8 +1426,8 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                         * trigger a full handshake
                         */
                        if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-                               return 0;
-                       /* If zero length not client will accept a ticket
+                               return 1;
+                       /* If zero length note client will accept a ticket
                         * and indicate cache miss to trigger full handshake
                         */
                        if (size == 0)