From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 3 Sep 2008 22:17:11 +0000 (+0000)
Subject: Fix from stable branch.
X-Git-Tag: OpenSSL_0_9_8k^2~263
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=e8da6a1d0fd119e170df49e1f5e28f980794144d

Fix from stable branch.
---

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index c5ca1c2014..1378f7600e 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -438,7 +438,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		fatal = 1;
 		goto err;
 		}
-	else if (r == 0 || (!ret || !len))
+	else if (r == 0 || (!ret && !len))
 		goto err;
 	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index bde52b126b..dc0396cfaa 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1388,6 +1388,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 	/* Point after session ID in client hello */
 	const unsigned char *p = session_id + len;
 	unsigned short i;
+
+	/* If tickets disabled behave as if no ticket present
+ 	 * to permit stateful resumption.
+ 	 */
+	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+		return 1;
+
 	if ((s->version <= SSL3_VERSION) || !limit)
 		return 1;
 	if (p >= limit)
@@ -1419,8 +1426,8 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
  			 * trigger a full handshake
  			 */
 			if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-				return 0;
-			/* If zero length not client will accept a ticket
+				return 1;
+			/* If zero length note client will accept a ticket
  			 * and indicate cache miss to trigger full handshake
  			 */
 			if (size == 0)