[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu Jun 4 08:19:15 UTC 2015


The branch master has been updated
       via  7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 (commit)
      from  97cacc537eba474d27dea0f96796b3b754e60034 (commit)


- Log -----------------------------------------------------------------
commit 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6
Author: Matt Caswell <matt at openssl.org>
Date:   Wed May 6 11:40:06 2015 +0100

    Fix DTLS session resumption
    
    The session object on the client side is initially created during
    construction of the ClientHello. If the client is DTLS1.2 capable then it
    will store 1.2 as the version for the session. However if the server is only
    DTLS1.0 capable then when the ServerHello comes back the client switches to
    using DTLS1.0 from then on. However the session version does not get
    updated. Therefore when the client attempts to resume that session the
    server throws an alert because of an incorrect protocol version.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_clnt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d6f53b0..888fe4f 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1036,7 +1036,7 @@ int ssl3_get_server_hello(SSL *s)
             al = SSL_AD_PROTOCOL_VERSION;
             goto f_err;
         }
-        s->version = s->method->version;
+        s->session->ssl_version = s->version = s->method->version;
     } else if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
         SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
         s->version = (s->version & 0xff00) | p[1];
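
Review bot: The added line `s->session->ssl_version = s->version = s->method->version;` writes through `s->session` with no visible check that the pointer is non-NULL, and it overwrites the version on whatever session object is attached at this point. The commit message says the session is created while the ClientHello is built, so a fresh session should be present, but the hunk does not show whether an existing session offered for resumption can also reach this branch; if it can, its stored version is changed before the rest of the ServerHello has been validated. Consider splitting the chained assignment into two statements with a short comment saying that the session version must follow the negotiated version so that a later resumption offers the version the server actually accepted. The summary shows only ssl/s3_clnt.c changed, so a regression test that resumes a session between a DTLS1.2-capable client and a DTLS1.0-only server would be worth adding.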

