Applied, committed and pushed. Thanks! On Tue Nov 11 00:34:37 2014, pi...@cloudflare.com wrote: > Advance to the next state variant when reusing messages. > > Previously, state variant was not advanced, which resulted in state > being stuck in the st1 variant (usually "_A"). > > This broke certificate callback retry logic when accepting connections > that were using SSLv2 ClientHello (hence reusing the message), because > their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required > for the retry code path. > > Reported by Yichun Zhang (agentzh). > > Signed-off-by: Piotr Sikora <pi...@cloudflare.com> > --- > ssl/s3_both.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/ssl/s3_both.c b/ssl/s3_both.c > index beef06f..10921a2 100644 > --- a/ssl/s3_both.c > +++ b/ssl/s3_both.c > @@ -358,6 +358,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, > goto f_err; > } > *ok=1; > + s->state=stn; > s->init_msg = s->init_buf->data + 4; > s->init_num = (int)s->s3->tmp.message_size; > return s->init_num;
-- Richard Levitte levi...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org