/* Fall through */
case TLS_ST_SW_KEY_UPDATE:
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+
case TLS_ST_SW_SESSION_TICKET:
/* In a resumption we only ever send a maximum of one new ticket.
* Following an initial handshake we send the number of tickets we have
return WORK_FINISHED_CONTINUE;
case TLS_ST_SW_SESSION_TICKET:
- if (SSL_IS_TLS13(s)) {
+ if (SSL_IS_TLS13(s) && s->sent_tickets == 0) {
/*
* Actually this is the end of the handshake, but we're going
* straight into writing the session ticket out. So we finish off
sk = NULL;
/* Save the current hash state for when we receive the CertificateVerify */
- if (SSL_IS_TLS13(s)
- && !ssl_handshake_hash(s, s->cert_verify_hash,
- sizeof(s->cert_verify_hash),
- &s->cert_verify_hash_len)) {
- /* SSLfatal() already called */
- goto err;
+ if (SSL_IS_TLS13(s)) {
+ if (!ssl_handshake_hash(s, s->cert_verify_hash,
+ sizeof(s->cert_verify_hash),
+ &s->cert_verify_hash_len)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ /* Resend session tickets */
+ s->sent_tickets = 0;
}
ret = MSG_PROCESS_CONTINUE_READING;
goto err;
}
if (SSL_IS_TLS13(s)) {
- ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
if (!tls_construct_extensions(s, pkt,
SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
NULL, 0)) {
goto err;
}
s->sent_tickets++;
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
}
EVP_CIPHER_CTX_free(ctx);
HMAC_CTX_free(hctx);