[openssl.org #3597] [PATCH] Advance to the next state variant when reusing messages.

2014-11-28 Thread Richard Levitte via RT
Applied, committed and pushed. Thanks!

On Tue Nov 11 00:34:37 2014, pi...@cloudflare.com wrote:
> Advance to the next state variant when reusing messages.
>
> Previously, state variant was not advanced, which resulted in state
> being stuck in the st1 variant (usually "_A").
>
> This broke certificate callback retry logic when accepting connections
> that were using SSLv2 ClientHello (hence reusing the message), because
> their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required
> for the retry code path.
>
> Reported by Yichun Zhang (agentzh).
>
> Signed-off-by: Piotr Sikora 
> ---
> ssl/s3_both.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/ssl/s3_both.c b/ssl/s3_both.c
> index beef06f..10921a2 100644
> --- a/ssl/s3_both.c
> +++ b/ssl/s3_both.c
> @@ -358,6 +358,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt,
> goto f_err;
> }
> *ok=1;
> + s->state=stn;
> s->init_msg = s->init_buf->data + 4;
> s->init_num = (int)s->s3->tmp.message_size;
> return s->init_num;
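
Review bot: the new s->state=stn; sits after the closing brace of the block that ends in goto f_err, so it only runs on the success path and a reused message that takes the f_err branch leaves the state at st1. Please confirm that is the intended behaviour for the error case, and say so in the commit message or a comment, since the description only covers the successful reuse path.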


--
Richard Levitte
levi...@openssl.org



[openssl.org #3597] [PATCH] Advance to the next state variant when reusing messages.

2014-11-10 Thread Piotr Sikora via RT
Advance to the next state variant when reusing messages.

Previously, state variant was not advanced, which resulted in state
being stuck in the st1 variant (usually "_A").

This broke certificate callback retry logic when accepting connections
that were using SSLv2 ClientHello (hence reusing the message), because
their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required
for the retry code path.

Reported by Yichun Zhang (agentzh).

Signed-off-by: Piotr Sikora 
---
 ssl/s3_both.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index beef06f..10921a2 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -358,6 +358,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt,
  goto f_err;
  }
  *ok=1;
+ s->state=stn;
  s->init_msg = s->init_buf->data + 4;
  s->init_num = (int)s->s3->tmp.message_size;
  return s->init_num;
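
Review bot: the added line after *ok=1; carries no comment, so the reason the reuse path must leave the state at stn (the certificate callback retry path needing SSL3_ST_SR_CLNT_HELLO_C, per the commit message) is not visible in the code. A one-line comment above s->state=stn; would keep a later cleanup from dropping it. The diffstat also shows a single insertion in ssl/s3_both.c and no test, so a regression case for an SSLv2 ClientHello with a retrying certificate callback would be worth adding.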
-- 
2.1.2


