Update from stable branch.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 29 Apr 2008 16:44:51 +0000 (16:44 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 29 Apr 2008 16:44:51 +0000 (16:44 +0000)
ssl/s3_srvr.c
ssl/t1_lib.c

index 2ff4bc7..dee1f73 100644 (file)
@@ -314,9 +314,18 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SW_SRVR_HELLO_B:
                        ret=ssl3_send_server_hello(s);
                        if (ret <= 0) goto end;
-
+#ifndef OPENSSL_NO_TLSEXT
                        if (s->hit)
-                               s->state=SSL3_ST_SW_CHANGE_A;
+                               {
+                               if (s->tlsext_ticket_expected)
+                                       s->state=SSL3_ST_SW_SESSION_TICKET_A;
+                               else
+                                       s->state=SSL3_ST_SW_CHANGE_A;
+                               }
+#else
+                       if (s->hit)
+                                       s->state=SSL3_ST_SW_CHANGE_A;
+#endif
                        else
                                s->state=SSL3_ST_SW_CERT_A;
                        s->init_num=0;
@@ -548,11 +557,14 @@ int ssl3_accept(SSL *s)
                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0) goto end;
-                       if (s->hit)
-                               s->state=SSL_ST_OK;
 #ifndef OPENSSL_NO_TLSEXT
-                       else if (s->tlsext_ticket_expected)
+                       if (s->tlsext_ticket_expected)
                                s->state=SSL3_ST_SW_SESSION_TICKET_A;
+                       else if (s->hit)
+                               s->state=SSL_ST_OK;
+#else
+                       if (s->hit)
+                               s->state=SSL_ST_OK;
 #endif
                        else
                                s->state=SSL3_ST_SW_CHANGE_A;
index 39629c2..16c4f08 100644 (file)
@@ -1501,7 +1501,9 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                        memcpy(sess->session_id, sess_id, sesslen);
                sess->session_id_length = sesslen;
                *psess = sess;
-               s->tlsext_ticket_expected = 0;
+               /*** TEST ***/
+               s->tlsext_ticket_expected = 1;
+               /*s->tlsext_ticket_expected = 0;*/
                return 1;
                }
        /* If session decrypt failure indicate a cache miss and set state to