Rework NewSessionTicket handling in state machine
Fixes bug: NewSessionTicket was omitted in resumed sessions.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 9b64392..40b9f23 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1967,10 +1967,11 @@
return( POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
}
- ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
-
SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
+ /* We're not waiting for a NewSessionTicket message any more */
+ ssl->handshake->new_session_ticket = 0;
+
/*
* Zero-length ticket means the server changed his mind and doesn't want
* to send a ticket after all, so just forget it
@@ -2094,12 +2095,11 @@
* ChangeCipherSpec
* Finished
*/
- case SSL_SERVER_NEW_SESSION_TICKET:
- ret = ssl_parse_new_session_ticket( ssl );
- break;
-
case SSL_SERVER_CHANGE_CIPHER_SPEC:
- ret = ssl_parse_change_cipher_spec( ssl );
+ if( ssl->handshake->new_session_ticket != 0 )
+ ret = ssl_parse_new_session_ticket( ssl );
+ else
+ ret = ssl_parse_change_cipher_spec( ssl );
break;
case SSL_SERVER_FINISHED:
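Review bot: The `SSL_SERVER_CHANGE_CIPHER_SPEC` case now reads one of two different messages depending on `ssl->handshake->new_session_ticket`, but neither the case nor the flow comment above it (which lists only ChangeCipherSpec and Finished) says so. A comment on the case would help, e.g. `/* Also covers the optional NewSessionTicket: the parser clears the flag, so the next step reads ChangeCipherSpec */`, and the flow comment could list `( NewSessionTicket )` before ChangeCipherSpec. It is worth stating there that the handshake only moves on if every successful path through `ssl_parse_new_session_ticket` clears the flag, since the flag now stands in for a state transition. The same applies to the matching case in the ssl_srv.c hunk at `@@ -2452,12 +2453,11 @@`; the switch and the flow comment both begin outside these hunks.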
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 59c91c4..faa110a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2358,7 +2358,8 @@
return( ret );
}
- ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC;
+ /* No need to remember writing a NewSessionTicket any more */
+ ssl->handshake->new_session_ticket = 0;
SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) );
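Review bot: The flag is cleared only after the error return just above it, so a retryable failure leaves `new_session_ticket` set. The call guarded by that `return( ret );` is outside the hunk, but if it is the record write and it returns a would-block error on a non-blocking transport, re-entering the handshake step would likely build and queue the ticket message a second time and desynchronise the handshake. Because the flag now replaces the state assignment, it should be cleared before the write is attempted: move `ssl->handshake->new_session_ticket = 0;` above the write call, with a comment such as `/* Equivalent to a state change: NewSessionTicket and ChangeCipherSpec share one state */`. The function body starts outside this hunk, so the ordering should be confirmed against the full function.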
@@ -2452,12 +2453,11 @@
* ChangeCipherSpec
* Finished
*/
- case SSL_SERVER_NEW_SESSION_TICKET:
- ret = ssl_write_new_session_ticket( ssl );
- break;
-
case SSL_SERVER_CHANGE_CIPHER_SPEC:
- ret = ssl_write_change_cipher_spec( ssl );
+ if( ssl->handshake->new_session_ticket != 0 )
+ ret = ssl_write_new_session_ticket( ssl );
+ else
+ ret = ssl_write_change_cipher_spec( ssl );
break;
case SSL_SERVER_FINISHED:
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 27a503f..7e8ff34 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2619,11 +2619,6 @@
else
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
}
- else if( ssl->endpoint == SSL_IS_CLIENT &&
- ssl->handshake->new_session_ticket != 0 )
- {
- ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
- }
else
ssl->state++;
@@ -2736,11 +2731,6 @@
if( ssl->endpoint == SSL_IS_SERVER )
ssl->state = SSL_HANDSHAKE_WRAPUP;
}
- else if( ssl->endpoint == SSL_IS_SERVER &&
- ssl->handshake->new_session_ticket != 0 )
- {
- ssl->state = SSL_SERVER_NEW_SESSION_TICKET;
- }
else
ssl->state++;