mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
1fcb4e4d52
openssl/test/ssl-tests
History
Todd Short a84e5c9aa8 Session resume broken switching contexts 
When an SSL's context is swtiched from a ticket-enabled context to
a ticket-disabled context in the servername callback, no session-id
is generated, so the session can't be resumed.

If a servername callback changes the SSL_OP_NO_TICKET option, check
to see if it's changed to disable, and whether a session ticket is
expected (i.e. the client indicated ticket support and the SSL had
tickets enabled at the time), and whether we already have a previous
session (i.e. s->hit is set).

In this case, clear the ticket-expected flag, remove any ticket data
and generate a session-id in the session.

If the SSL hit (resumed) and switched to a ticket-disabled context,
assume that the resumption was via session-id, and don't bother to
update the session.

Before this fix, the updated unit-tests in 06-sni-ticket.conf would
fail test #4 (server1 = SNI, server2 = no SNI).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1529)
2017-10-04 10:21:08 +10:00
..
01-simple.conf
01-simple.conf.in
02-protocol-version.conf
02-protocol-version.conf.in
03-custom_verify.conf
03-custom_verify.conf.in
04-client_auth.conf
04-client_auth.conf.in
05-sni.conf Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb. 2017-09-08 13:58:59 -05:00
05-sni.conf.in Rename SSL_CTX_set_early_cb to SSL_CTX_set_client_hello_cb. 2017-09-08 13:58:59 -05:00
06-sni-ticket.conf Session resume broken switching contexts 2017-10-04 10:21:08 +10:00
06-sni-ticket.conf.in Session resume broken switching contexts 2017-10-04 10:21:08 +10:00
07-dtls-protocol-version.conf
07-dtls-protocol-version.conf.in
08-npn.conf
08-npn.conf.in
09-alpn.conf
09-alpn.conf.in
10-resumption.conf
10-resumption.conf.in
11-dtls_resumption.conf
11-dtls_resumption.conf.in
12-ct.conf
12-ct.conf.in
13-fragmentation.conf
13-fragmentation.conf.in
14-curves.conf
14-curves.conf.in
15-certstatus.conf
15-certstatus.conf.in
16-certstatus.conf
16-dtls-certstatus.conf
16-dtls-certstatus.conf.in
17-renegotiate.conf
17-renegotiate.conf.in
18-dtls-renegotiate.conf
18-dtls-renegotiate.conf.in
19-mac-then-encrypt.conf
19-mac-then-encrypt.conf.in
20-cert-select.conf Add RSA-PSS certificate type TLS tests 2017-09-20 12:50:23 +01:00
20-cert-select.conf.in Add RSA-PSS certificate type TLS tests 2017-09-20 12:50:23 +01:00
21-key-update.conf
21-key-update.conf.in
22-compression.conf
22-compression.conf.in
23-srp.conf
23-srp.conf.in
24-padding.conf
24-padding.conf.in
protocol_version.pm
ssltests_base.pm