From 5f21f93c61851f49aba3e28c8cef4c46be599261 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Wed, 13 Jul 2016 12:47:59 -0600
Subject: [PATCH] allow bogus sessionID when ticket callback rejects ticket

---
 src/internal.c | 2 +-
 src/tls.c | 1 +
 wolfssl/internal.h | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 0e7d68087..e15755f33 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -17668,7 +17668,7 @@ int DoSessionTicket(WOLFSSL* ssl,
 #ifdef HAVE_SESSION_TICKET
 if (ssl->options.useTicket == 1) {
 session = &ssl->session;
- } else if (bogusID) {
+ } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
 WOLFSSL_MSG("Bogus session ID without session ticket");
 return BUFFER_ERROR;
 }
diff --git a/src/tls.c b/src/tls.c
index 494bcafb5..fc45041e1 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -3181,6 +3181,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
 }
 } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
 WOLFSSL_MSG("Process client ticket rejected, not using");
+ ssl->options.rejectTicket = 1;
 ret = 0; /* not fatal */
 } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
 WOLFSSL_MSG("Process client ticket fatal error, not using");
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 854d11433..ad568279c 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2417,6 +2417,7 @@ typedef struct Options {
 #ifdef HAVE_SESSION_TICKET
 word16 createTicket:1; /* Server to create new Ticket */
 word16 useTicket:1; /* Use Ticket not session cache */
+ word16 rejectTicket:1; /* Callback rejected ticket */
 #endif
 #ifdef WOLFSSL_DTLS
 word16 dtlsHsRetain:1; /* DTLS retaining HS data */
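Review bot: The relaxed condition lets a ClientHello whose session ID only ever made sense alongside a ticket skip the `return BUFFER_ERROR;` whenever the ticket callback rejected that ticket, so the code following the hunk now receives an ID that cannot match any cache entry; the enclosing function starts and ends outside this hunk, so please confirm that path degrades to a full handshake rather than proceeding with a null `session`. `rejectTicket` is only ever set (tls.c hunk) and declared (internal.h hunk), and this patch adds no reset, so a rejection in one handshake appears to persist into later handshakes on the same WOLFSSL object (renegotiation or reuse) and would keep disabling the bogus-ID check even when no ticket is presented at all; clearing it where the ticket extension is parsed, or wherever per-handshake options are reset, would keep the exemption scoped to the rejected ticket. The intent also deserves an inline comment, e.g. `/* callback rejected the ticket: the client's ID came from that ticket, so fall back to a full handshake */`.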
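Review bot: The new bit-field's comment `/* Callback rejected ticket */` does not say who sets it or what it gates, which matters for a flag that changes an input-validation decision elsewhere; the sibling fields document their purpose rather than their origin. I would write `/* Set by TLSX_SessionTicket_Parse on WOLFSSL_TICKET_RET_REJECT; gates the bogus session ID check in internal.c */` so a reader can find both ends without grepping. If the flag is meant to be per-handshake, the comment should also state where it is cleared once that reset exists.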