Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for TLS v1.2 session resumption with tickets where the server decides to do full handshake #8108

Closed
wants to merge 1 commit into from
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -17471,6 +17471,18 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
case certificate_request:
case server_hello_done:
if (ssl->options.resuming) {
/* Client requested resumption, but server is doing a
* full handshake */

/* The server's decision to resume isn't known until after the
* "server_hello". If subsequent handshake messages like
julek-wolfssl marked this conversation as resolved.
Show resolved Hide resolved
* "certificate" or "server_key_exchange" are recevied then we
* are doing a full handshake */

/* If the server included a session id then we
* treat this as a fatal error, since the server said it was
* doing resumption, but did not. */

/* https://www.rfc-editor.org/rfc/rfc5077.html#section-3.4
* Alternatively, the client MAY include an empty Session ID
* in the ClientHello. In this case, the client ignores the
Expand All @@ -17479,7 +17491,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
* messages.
*/
#ifndef WOLFSSL_WPAS
if (ssl->session->sessionIDSz != 0) {
if (ssl->arrays->sessionIDSz != 0) {
/* Fatal error. Only try to send an alert. RFC 5246 does not
* allow for reverting back to a full handshake after the
* server has indicated the intention to do a resumption. */
Expand Down
Loading