The NewSessionTicket message is not optional.

Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by: N Emilia Käsper <emilia@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

The NewSessionTicket message is not optional.
Per RFC 4507, section 3.3: This message [NewSessionTicket] MUST be sent if the server included a SessionTicket extension in the ServerHello. This message MUST NOT be sent if the server did not include a SessionTicket extension in the ServerHello. The presence of the NewSessionTicket message should be determined entirely from the ServerHello without probing. RT#4389 Reviewed-by: N Emilia Käsper <emilia@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
c45d6b2b · David Benjamin · Matt Caswell · afdd82fb · c45d6b2b
隐藏空白更改
内联并排

Showing with 5 addition and 3 deletion

ssl/statem/statem_clnt.c ssl/statem/statem_clnt.c +5 -3

未找到文件。
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -341,9 +341,11 @@ int ossl_statem_client_read_transition(SSL *s, int mt)
        break;
    case TLS_ST_CW_FINISHED:
-        if (mt == SSL3_MT_NEWSESSION_TICKET && s->tlsext_ticket_expected) {
+        if (s->tlsext_ticket_expected) {
-            st->hand_state = TLS_ST_CR_SESSION_TICKET;
+            if (mt == SSL3_MT_NEWSESSION_TICKET) {
-            return 1;
+                st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                return 1;
+            }
        } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
            st->hand_state = TLS_ST_CR_CHANGE;
            return 1;