diff options
author | lloyd <[email protected]> | 2012-08-14 22:16:47 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-08-14 22:16:47 +0000 |
commit | e78969e9ef08de5b0f2d472e180d25ddfe8041f1 (patch) | |
tree | e9ea7d1b14ae489943e089351fc99a5d5320501d /src/tls | |
parent | 404ae3514fbbdb51e32af1c2c1434acacf5ec20c (diff) |
Require servers to send us a session ticket message if they sent a
session ticket extension in their hello. This avoids an ambiguity in
the DTLS handshake, as there the change cipher spec is not ordered
with respect to the other handshake messages. This was never legal per
spec, but some versions of GnuTLS seem to offer a session ticket in
their hello but then not send a ticket message in the case where they
don't have a session ticket key configured.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_client.cpp | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 42d549136..c6c7a1765 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -263,11 +263,10 @@ void Client::process_handshake_msg(Handshake_Type type, dynamic_cast<Client_Handshake_State&>(*m_state).resume_master_secret ); - // The server is not strictly required to send us a new ticket if(m_state->server_hello()->supports_session_ticket()) m_state->set_expected_next(NEW_SESSION_TICKET); - - m_state->set_expected_next(HANDSHAKE_CCS); + else + m_state->set_expected_next(HANDSHAKE_CCS); } else { |