Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext.
This ensures that the flag is zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that the reset applies to DTLS. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit a06cd5d056c6a5b1d161786873e21a5e53d554d8)
parent
821bee4333
commit
e2f69f5ce7
@ -226,14 +226,6 @@ int ssl3_connect(SSL *s)
|
|||||||
s->renegotiate=1;
|
s->renegotiate=1;
|
||||||
s->state=SSL_ST_CONNECT;
|
s->state=SSL_ST_CONNECT;
|
||||||
s->ctx->stats.sess_connect_renegotiate++;
|
s->ctx->stats.sess_connect_renegotiate++;
|
||||||
#ifndef OPENSSL_NO_TLSEXT
|
|
||||||
/*
|
|
||||||
* If renegotiating, the server may choose to not issue
|
|
||||||
* a new ticket, so reset the flag. It will be set to
|
|
||||||
* the right value when parsing ServerHello extensions.
|
|
||||||
*/
|
|
||||||
s->tlsext_ticket_expected = 0;
|
|
||||||
#endif
|
|
||||||
/* break */
|
/* break */
|
||||||
case SSL_ST_BEFORE:
|
case SSL_ST_BEFORE:
|
||||||
case SSL_ST_CONNECT:
|
case SSL_ST_CONNECT:
|
||||||
|
@ -1513,6 +1513,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
|
|||||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||||
s->s3->next_proto_neg_seen = 0;
|
s->s3->next_proto_neg_seen = 0;
|
||||||
#endif
|
#endif
|
||||||
|
s->tlsext_ticket_expected = 0;
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_HEARTBEATS
|
#ifndef OPENSSL_NO_HEARTBEATS
|
||||||
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
|
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
|
||||||
|
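Review bot: The added `s->tlsext_ticket_expected = 0;` carries no comment, while the block removed from ssl3_connect explained why the flag must be cleared; a short comment would keep that reasoning next to the reset, for example `/* Clear per-handshake state: the server may not issue a new ticket, and s may be reused. */`. The function body starts and ends outside this hunk, so it is worth confirming that no return path precedes these resets; otherwise a stale flag from an earlier handshake could presumably still leave the client expecting a ticket the server never sends. The hunk header names ssl_parse_serverhello_tlsext while the commit title says ssl_scan_serverhello_tlsext; this may only be a branch difference from the cherry-pick, but the title should name the function actually patched.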