Always issue new tickets when using TLSv1.3 stateful tickets

Previously we were failing to issue new tickets if a resumption attempt
failed.

Fixes #6654

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6722)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index ab38a4f11e3d0909b6037a1a3fde52d0475164bd..f5ab5bb84018eb5500c761ddd3082ad13eab6c9b 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1014,6 +1014,8 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
 {
     SSL_SESSION *tmpsess = NULL;
 
 {
     SSL_SESSION *tmpsess = NULL;
 

+    s->ext.ticket_expected = 1;
+

     switch (PACKET_remaining(tick)) {
         case 0:
             return SSL_TICKET_EMPTY;
     switch (PACKET_remaining(tick)) {
         case 0:
             return SSL_TICKET_EMPTY;


@@ -1031,7 +1033,6 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
     if (tmpsess == NULL)
         return SSL_TICKET_NO_DECRYPT;
 
     if (tmpsess == NULL)
         return SSL_TICKET_NO_DECRYPT;
 

-    s->ext.ticket_expected = 1;

     *sess = tmpsess;
     return SSL_TICKET_SUCCESS;
 }
     *sess = tmpsess;
     return SSL_TICKET_SUCCESS;
 }