Re-revert (re-insert?) temporary change that made renegotiation work again

and add a proper fix: specifically if it is a new session don't send the old TLS ticket, send a zero length ticket to request a new session.
2009-11-08 14:30:22 +00:00
parent d99a35f275
commit a1dc0336dd
2 changed files with 23 additions and 2 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -177,7 +177,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
 		{
 		int ticklen;
-		if (s->session && s->session->tlsext_tick)
+		if (!s->new_session && s->session && s->session->tlsext_tick)
 			ticklen = s->session->tlsext_ticklen;
 		else
 			ticklen = 0;