mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-27 06:35:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Rework NewSessionTicket handling in state machine

Browse Source 
Fixes bug: NewSessionTicket was ommited in resumed sessions.
This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-02 13:24:41 +02:00 committed by Paul Bakker
parent 3ffa3db80b
commit 7cd5924cec
3 changed files with 13 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
library/ssl_cli.c
View File

@ -1967,10 +1967,11 @@ static int ssl_parse_new_session_ticket( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); return( POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
} }
ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) ); SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
/* We're not waiting for a NewSessionTicket message any more */
ssl->handshake->new_session_ticket = 0;
/* /*
* Zero-length ticket means the server changed his mind and doesn't want * Zero-length ticket means the server changed his mind and doesn't want
* to send a ticket after all, so just forget it * to send a ticket after all, so just forget it
@ -2094,12 +2095,11 @@ int ssl_handshake_client_step( ssl_context *ssl )
* ChangeCipherSpec * ChangeCipherSpec
* Finished * Finished
*/ */
case SSL_SERVER_NEW_SESSION_TICKET:
ret = ssl_parse_new_session_ticket( ssl );
break;
case SSL_SERVER_CHANGE_CIPHER_SPEC: case SSL_SERVER_CHANGE_CIPHER_SPEC:
ret = ssl_parse_change_cipher_spec( ssl ); if( ssl->handshake->new_session_ticket != 0 )
ret = ssl_parse_new_session_ticket( ssl );
else
ret = ssl_parse_change_cipher_spec( ssl );
break; break;
case SSL_SERVER_FINISHED: case SSL_SERVER_FINISHED:

12
library/ssl_srv.c
View File

@ -2358,7 +2358,8 @@ static int ssl_write_new_session_ticket( ssl_context *ssl )
return( ret ); return( ret );
} }
ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC; /* No need to remember writing a NewSessionTicket any more */
ssl->handshake->new_session_ticket = 0;
SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
@ -2452,12 +2453,11 @@ int ssl_handshake_server_step( ssl_context *ssl )
* ChangeCipherSpec * ChangeCipherSpec
* Finished * Finished
*/ */
case SSL_SERVER_NEW_SESSION_TICKET:
ret = ssl_write_new_session_ticket( ssl );
break;
case SSL_SERVER_CHANGE_CIPHER_SPEC: case SSL_SERVER_CHANGE_CIPHER_SPEC:
ret = ssl_write_change_cipher_spec( ssl ); if( ssl->handshake->new_session_ticket != 0 )
ret = ssl_write_new_session_ticket( ssl );
else
ret = ssl_write_change_cipher_spec( ssl );
break; break;
case SSL_SERVER_FINISHED: case SSL_SERVER_FINISHED:

10
library/ssl_tls.c
View File

@ -2619,11 +2619,6 @@ int ssl_write_finished( ssl_context *ssl )
else else
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
} }
else if( ssl->endpoint == SSL_IS_CLIENT &&
ssl->handshake->new_session_ticket != 0 )
{
ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
}
else else
ssl->state++; ssl->state++;
@ -2736,11 +2731,6 @@ int ssl_parse_finished( ssl_context *ssl )
if( ssl->endpoint == SSL_IS_SERVER ) if( ssl->endpoint == SSL_IS_SERVER )
ssl->state = SSL_HANDSHAKE_WRAPUP; ssl->state = SSL_HANDSHAKE_WRAPUP;
} }
else if( ssl->endpoint == SSL_IS_SERVER &&
ssl->handshake->new_session_ticket != 0 )
{
ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
}
else else
ssl->state++; ssl->state++;