Fix from stable branch.

2025-01-18 13:44:20 +08:00 · 2008-09-03 22:17:11 +00:00 · 2008-09-03 22:17:11 +00:00 · e8da6a1d0f
commit e8da6a1d0f
parent 305514000c
2 changed files with 10 additions and 3 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -438,7 +438,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		fatal = 1;
 		goto err;
 		}
-	else if (r == 0 || (!ret || !len))
+	else if (r == 0 || (!ret && !len))
 		goto err;
 	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -1388,6 +1388,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 	/* Point after session ID in client hello */
 	const unsigned char *p = session_id + len;
 	unsigned short i;
+
+	/* If tickets disabled behave as if no ticket present
+ 	 * to permit stateful resumption.
+ 	 */
+	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+		return 1;
+
 	if ((s->version <= SSL3_VERSION) || !limit)
 		return 1;
 	if (p >= limit)
@ -1419,8 +1426,8 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 			 * trigger a full handshake
 			 */
 			if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-				return 0;
-			/* If zero length not client will accept a ticket
+				return 1;
+			/* If zero length note client will accept a ticket
 			 * and indicate cache miss to trigger full handshake
 			 */
 			if (size == 0)