Fix DTLS session ticket renewal

A DTLS client will abort a handshake if the server attempts to renew the session ticket. This is caused by a state machine discrepancy between DTLS and TLS discovered during the state machine rewrite work. The bug can be demonstrated as follows: Start a DTLS s_server instance: openssl s_server -dtls Start a client and obtain a session but no ticket: openssl s_client -dtls -sess_out session.pem -no_ticket Now start a client reusing the session, but allow a ticket: openssl s_client -dtls -sess_in session.pem The client will abort the handshake. Reviewed-by: N Tim Hudson <tjh@openssl.org>

Fix DTLS session ticket renewal
A DTLS client will abort a handshake if the server attempts to renew the session ticket. This is caused by a state machine discrepancy between DTLS and TLS discovered during the state machine rewrite work. The bug can be demonstrated as follows: Start a DTLS s_server instance: openssl s_server -dtls Start a client and obtain a session but no ticket: openssl s_client -dtls -sess_out session.pem -no_ticket Now start a client reusing the session, but allow a ticket: openssl s_client -dtls -sess_in session.pem The client will abort the handshake. Reviewed-by: N Tim Hudson <tjh@openssl.org>
ee4ffd6f · Matt Caswell · d6dfa550 · ee4ffd6f
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

ssl/d1_clnt.c ssl/d1_clnt.c +4 -0

未找到文件。
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -380,6 +380,10 @@ int dtls1_connect(SSL *s)
 #endif

                    s->state = SSL3_ST_CR_CHANGE_A;
+                    if (s->tlsext_ticket_expected) {
+                        /* receive renewed session ticket */
+                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                    }
                } else
                    s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
            }