Rework NewSessionTicket handling in state machine
Fixes bug: NewSessionTicket was ommited in resumed sessions.
This commit is contained in:
parent
3ffa3db80b
commit
7cd5924cec
@ -1967,10 +1967,11 @@ static int ssl_parse_new_session_ticket( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
|
||||
}
|
||||
|
||||
ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
|
||||
|
||||
/* We're not waiting for a NewSessionTicket message any more */
|
||||
ssl->handshake->new_session_ticket = 0;
|
||||
|
||||
/*
|
||||
* Zero-length ticket means the server changed his mind and doesn't want
|
||||
* to send a ticket after all, so just forget it
|
||||
@ -2094,11 +2095,10 @@ int ssl_handshake_client_step( ssl_context *ssl )
|
||||
* ChangeCipherSpec
|
||||
* Finished
|
||||
*/
|
||||
case SSL_SERVER_NEW_SESSION_TICKET:
|
||||
ret = ssl_parse_new_session_ticket( ssl );
|
||||
break;
|
||||
|
||||
case SSL_SERVER_CHANGE_CIPHER_SPEC:
|
||||
if( ssl->handshake->new_session_ticket != 0 )
|
||||
ret = ssl_parse_new_session_ticket( ssl );
|
||||
else
|
||||
ret = ssl_parse_change_cipher_spec( ssl );
|
||||
break;
|
||||
|
||||
|
@ -2358,7 +2358,8 @@ static int ssl_write_new_session_ticket( ssl_context *ssl )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
|
||||
/* No need to remember writing a NewSessionTicket any more */
|
||||
ssl->handshake->new_session_ticket = 0;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
|
||||
|
||||
@ -2452,11 +2453,10 @@ int ssl_handshake_server_step( ssl_context *ssl )
|
||||
* ChangeCipherSpec
|
||||
* Finished
|
||||
*/
|
||||
case SSL_SERVER_NEW_SESSION_TICKET:
|
||||
ret = ssl_write_new_session_ticket( ssl );
|
||||
break;
|
||||
|
||||
case SSL_SERVER_CHANGE_CIPHER_SPEC:
|
||||
if( ssl->handshake->new_session_ticket != 0 )
|
||||
ret = ssl_write_new_session_ticket( ssl );
|
||||
else
|
||||
ret = ssl_write_change_cipher_spec( ssl );
|
||||
break;
|
||||
|
||||
|
@ -2619,11 +2619,6 @@ int ssl_write_finished( ssl_context *ssl )
|
||||
else
|
||||
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||
}
|
||||
else if( ssl->endpoint == SSL_IS_CLIENT &&
|
||||
ssl->handshake->new_session_ticket != 0 )
|
||||
{
|
||||
ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
|
||||
}
|
||||
else
|
||||
ssl->state++;
|
||||
|
||||
@ -2736,11 +2731,6 @@ int ssl_parse_finished( ssl_context *ssl )
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
||||
}
|
||||
else if( ssl->endpoint == SSL_IS_SERVER &&
|
||||
ssl->handshake->new_session_ticket != 0 )
|
||||
{
|
||||
ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
|
||||
}
|
||||
else
|
||||
ssl->state++;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user