new_ssl fix session reuse

When an SSL client presents a previous session ID, the server should
either honour the request to reuse the parameters previously negotiated
for the given session ID, or ignore the request and generate a new
session ID.

In this situation, new_ssl tries to complete the handshake by sending
the client a "Finished" handshake message, which violates the SSL/TLS
specs. It should instead send a ChangeCipherSpec message before sending
the FInished message. This patch fixes it.

1 files changed, 7 insertions, 7 deletions

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 178c055cdf..c292fd70c7 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1115,13 +1115,13 @@ do_server_hello(Type, #state{negotiated_version = Version,
 	    case ssl_handshake:master_secret(Version, Session,
 					     ConnectionStates0, server) of
 		{_, ConnectionStates1} ->
-		    {ConnectionStates, Hashes} =
-			finished(State#state{connection_states =
-					     ConnectionStates1}),
-		    {next_state, abbreviated,
-		     next_record(State#state{connection_states = 
-					     ConnectionStates,
-					     tls_handshake_hashes = Hashes})};
+		    {ConnectionStates, Hashes} = 
+			finalize_server_handshake(State#state{connection_states=ConnectionStates1, session = Session}),
+		    NewState = 
+			State#state{connection_states = ConnectionStates,
+				    session = Session,
+				    tls_handshake_hashes = Hashes},
+		    {next_state, abbreviated, next_record(NewState)};
 		#alert{} = Alert ->
 		    handle_own_alert(Alert, Version, hello, State), 
 		    {stop, normal, State}