From c9c70aa3cc4e2087cf0da4c4ba36f3dd4e4e4627 Mon Sep 17 00:00:00 2001
From: Wil Tan
Date: Thu, 7 Jan 2010 03:18:45 +1100
Subject: new_ssl fix session reuse

When an SSL client presents a previous session ID, the server should either honour the request to reuse the parameters previously negotiated for the given session ID, or ignore the request and generate a new session ID. In this situation, new_ssl tries to complete the handshake by sending the client a "Finished" handshake message, which violates the SSL/TLS specs. It should instead send a ChangeCipherSpec message before sending the FInished message. This patch fixes it.
---
 lib/ssl/src/ssl_connection.erl | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 178c055cdf..c292fd70c7 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1115,13 +1115,13 @@ do_server_hello(Type, #state{negotiated_version = Version,
 case ssl_handshake:master_secret(Version, Session, ConnectionStates0, server) of
 {_, ConnectionStates1} ->
- {ConnectionStates, Hashes} =
- finished(State#state{connection_states =
- ConnectionStates1}),
- {next_state, abbreviated,
- next_record(State#state{connection_states =
- ConnectionStates,
- tls_handshake_hashes = Hashes})};
+ {ConnectionStates, Hashes} =
+ finalize_server_handshake(State#state{connection_states=ConnectionStates1, session = Session}),
+ NewState =
+ State#state{connection_states = ConnectionStates,
+ session = Session,
+ tls_handshake_hashes = Hashes},
+ {next_state, abbreviated, next_record(NewState)};
 #alert{} = Alert ->
 handle_own_alert(Alert, Version, hello, State),
 {stop, normal, State}
-- cgit v1.2.3
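Review bot: The resumed branch now relies on `finalize_server_handshake/1` sending ChangeCipherSpec before Finished, but nothing at the call site says so and the commit touches only this file, so no test pins the ordering. A comment above the call such as `%% Abbreviated handshake: ChangeCipherSpec must precede Finished, which is sent under the new write state`, together with a resumption test against a peer that enforces the standard message order, would keep a later refactor from reintroducing the bare `finished/1` call. `session = Session` is set on the state passed to the helper and again on `NewState`; if `Session` is already bound from `State` in the function head (cut off in the hunk header), both assignments are no-ops and can be dropped. The spacing in `connection_states=ConnectionStates1` differs from the `connection_states = ConnectionStates` form used three lines later, and that line runs well past the width of its neighbours. `do_server_hello` starts and ends outside the hunk.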