aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_connection.erl
diff options
context:
space:
mode:
authorWil Tan <[email protected]>2010-01-07 03:18:45 +1100
committerDan Gudmundsson <[email protected]>2010-01-12 13:45:25 +0100
commitc9c70aa3cc4e2087cf0da4c4ba36f3dd4e4e4627 (patch)
treed5e416ba55189b471eb0adacb8e477a5efd90600 /lib/ssl/src/ssl_connection.erl
parentbce8acaa10f2265e5454c29097e33680076c7ccb (diff)
downloadotp-c9c70aa3cc4e2087cf0da4c4ba36f3dd4e4e4627.tar.gz
otp-c9c70aa3cc4e2087cf0da4c4ba36f3dd4e4e4627.tar.bz2
otp-c9c70aa3cc4e2087cf0da4c4ba36f3dd4e4e4627.zip
new_ssl fix session reuse
When an SSL client presents a previous session ID, the server should either honour the request to reuse the parameters previously negotiated for the given session ID, or ignore the request and generate a new session ID. In this situation, new_ssl tries to complete the handshake by sending the client a "Finished" handshake message, which violates the SSL/TLS specs. It should instead send a ChangeCipherSpec message before sending the FInished message. This patch fixes it.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r--lib/ssl/src/ssl_connection.erl14
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 178c055cdf..c292fd70c7 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1115,13 +1115,13 @@ do_server_hello(Type, #state{negotiated_version = Version,
case ssl_handshake:master_secret(Version, Session,
ConnectionStates0, server) of
{_, ConnectionStates1} ->
- {ConnectionStates, Hashes} =
- finished(State#state{connection_states =
- ConnectionStates1}),
- {next_state, abbreviated,
- next_record(State#state{connection_states =
- ConnectionStates,
- tls_handshake_hashes = Hashes})};
+ {ConnectionStates, Hashes} =
+ finalize_server_handshake(State#state{connection_states=ConnectionStates1, session = Session}),
+ NewState =
+ State#state{connection_states = ConnectionStates,
+ session = Session,
+ tls_handshake_hashes = Hashes},
+ {next_state, abbreviated, next_record(NewState)};
#alert{} = Alert ->
handle_own_alert(Alert, Version, hello, State),
{stop, normal, State}