Fix from stable branch.

e8da6a1d · Dr. Stephen Henson · 30551400 · e8da6a1d · e8da6a1d
隐藏空白更改
内联并排

Showing with 10 addition and 3 deletion

ssl/ssl_sess.c ssl/ssl_sess.c +1 -1

ssl/t1_lib.c ssl/t1_lib.c +9 -2

未找到文件。
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -438,7 +438,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		fatal = 1;
 		goto err;
 		}
-	else if (r == 0 || (!ret || !len))
+	else if (r == 0 || (!ret && !len))
 		goto err;
 	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1388,6 +1388,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 	/* Point after session ID in client hello */
 	const unsigned char *p = session_id + len;
 	unsigned short i;
+	/* If tickets disabled behave as if no ticket present
+ 	 * to permit stateful resumption.
+ 	 */
+	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+		return 1;
 	if ((s->version <= SSL3_VERSION) || !limit)
 		return 1;
 	if (p >= limit)
@@ -1419,8 +1426,8 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 			 * trigger a full handshake
 			 */
 			if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-				return 0;
+				return 1;
-			/* If zero length not client will accept a ticket
+			/* If zero length note client will accept a ticket
 			 * and indicate cache miss to trigger full handshake
 			 */
 			if (size == 0)