author | Matt Caswell <matt@openssl.org> | 2018-03-15 17:47:29 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-03-19 12:21:17 +0000 |
commit | 32305f88509c1d9ccb3ad676209a25fa59b95488 (patch) | |
tree | 465d5906e932f6f930061a32e60c003b89f2b1a9 /ssl/t1_lib.c | |
parent | 51cf8ba038aae10df9895b0001715938f7ad0c75 (diff) | |
download | openssl-32305f88509c1d9ccb3ad676209a25fa59b95488.tar.gz |
Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Conceptually in TLSv1.3 there can be multiple sessions associated with a
single connection. Each NewSessionTicket issued can be considered a
separate session. We can end up issuing multiple NewSessionTickets on a
single connection at the moment (e.g. in a post-handshake auth scenario).
Each of those issued tickets should have the new_session_cb called, it
should go into the session cache separately and it should have a unique
id associated with it (so that they can be found individually in the
cache).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 596fdd4c34..796e9d4827 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1409,7 +1409,7 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, OPENSSL_free(sdec); if (sess) { /* Some additional consistency checks */ - if (slen != 0 || sess->session_id_length != 0) { + if (slen != 0) { SSL_SESSION_free(sess); return SSL_TICKET_NO_DECRYPT; } @@ -1419,9 +1419,10 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, * structure. If it is empty set length to zero as required by * standard. */ - if (sesslen) + if (sesslen) { memcpy(sess->session_id, sess_id, sesslen); - sess->session_id_length = sesslen; + sess->session_id_length = sesslen; + } *psess = sess; if (renew_ticket) return SSL_TICKET_SUCCESS_RENEW; |
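Review bot: In the first hunk (@@ -1409,7 +1409,7 @@ of tls_decrypt_ticket), dropping `sess->session_id_length != 0` from the consistency check relaxes it for every protocol version, while the commit message only motivates the change for TLSv1.3. Nothing in the visible lines gates the relaxation on the negotiated version, so a decrypted ticket whose embedded session already carries a session id is now accepted for earlier versions as well. Either keep the stricter check when the session is not TLSv1.3, or extend the "Some additional consistency checks" comment to say why a non-empty session id inside a ticket is now valid, so the next reader does not restore the old condition as an apparent fix.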
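Review bot: In the second hunk (@@ -1419,9 +1419,10 @@), the comment kept above the changed lines still says "If it is empty set length to zero as required by standard", but with `sess->session_id_length = sesslen;` moved inside `if (sesslen) { ... }` the length is no longer written when sesslen is 0, so whatever session id was decoded from the ticket is retained. That matches the intent of giving each ticket its own id, but the comment now describes the old behaviour and should be updated to state that an empty sess_id leaves the ticket's stored id untouched. It would also help to note next to the memcpy where sesslen is bounded against the size of sess->session_id, since that check is not visible in this hunk and the ticket-derived id makes the resulting length more significant for cache lookups.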