author Matt Caswell <matt@openssl.org> 2015-02-08 23:41:10 +0100
committer Matt Caswell <matt@openssl.org> 2015-02-10 23:54:18 +0100
commit ea6bd2645431a064394c746fba7013950ea04f78 (patch)
tree 91c4a96068be1afe76d32b40388b1fd7b5c031f8 /ssl/ssl_asn1.c
parent Provide the API functions SSL_SESSION_has_ticket and (diff)
Correct reading back of tlsext_tick_lifetime_hint from ASN1.

When writing out the hint, if the hint > 0, then we write it out otherwise we skip it.

Previously when reading the hint back in, if we were expecting to see one (because the ticket length > 0), but it wasn't present then we set the hint to -1, otherwise we set it to 0. This fails to set the hint to the same as when it was written out.

The hint should never be negative because the RFC states the hint is unsigned. It is valid for a server to set the hint to 0 (this means the lifetime is unspecified according to the RFC). If the server set it to 0, it should still be 0 when we read it back in.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Diffstat (limited to 'ssl/ssl_asn1.c')
-rw-r--r-- ssl/ssl_asn1.c 4
1 files changed, 1 insertions, 3 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index b27e058bc7..63fe17f16e 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -569,9 +569,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
OPENSSL_free(ai.data);
ai.data = NULL;
ai.length = 0;
- } else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
- else
+ } else
ret->tlsext_tick_lifetime_hint = 0;
os.length = 0;
os.data = NULL;
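Review bot: the remaining `} else` branch, which assigns `ret->tlsext_tick_lifetime_hint = 0;`, has no comment saying that an absent field decodes to 0 because the writer omits the hint when it is not > 0, so the coupling between reader and writer is recorded only in the commit message. A one-line comment above the assignment would make it less likely that a later change reintroduces a sentinel such as the removed -1. The branch also leaves a single unbraced statement after a braced block; bracing it would match the preceding arm. A round-trip test that encodes a session with a hint of 0 and checks that the decoded value is still 0 would pin down the behaviour the message describes.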