aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-08-14 22:16:47 +0000
committerlloyd <[email protected]>2012-08-14 22:16:47 +0000
commite78969e9ef08de5b0f2d472e180d25ddfe8041f1 (patch)
treee9ea7d1b14ae489943e089351fc99a5d5320501d /src/tls
parent404ae3514fbbdb51e32af1c2c1434acacf5ec20c (diff)
Require servers to send us a session ticket message if they sent a
session ticket extension in their hello. This avoids an ambiguity in the DTLS handshake, as there the change cipher spec is not ordered with respect to the other handshake messages. This was never legal per spec, but some versions of GnuTLS seem to offer a session ticket in their hello but then not send a ticket message in the case where they don't have a session ticket key configured.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tls_client.cpp5
1 files changed, 2 insertions, 3 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 42d549136..c6c7a1765 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -263,11 +263,10 @@ void Client::process_handshake_msg(Handshake_Type type,
dynamic_cast<Client_Handshake_State&>(*m_state).resume_master_secret
);
- // The server is not strictly required to send us a new ticket
if(m_state->server_hello()->supports_session_ticket())
m_state->set_expected_next(NEW_SESSION_TICKET);
-
- m_state->set_expected_next(HANDSHAKE_CCS);
+ else
+ m_state->set_expected_next(HANDSHAKE_CCS);
}
else
{