diff --git a/src/internal.c b/src/internal.c
index 56eac2df9..f4b49aa36 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -30963,14 +30963,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     ssl->options.haveSessionId = 1; /* DoClientHello uses same resume code */
     if (ssl->options.resuming) { /* let's try */
-        WOLFSSL_SESSION* session = wolfSSL_GetSession(ssl,
-            ssl->arrays->masterSecret, 1);
-    #ifdef HAVE_SESSION_TICKET
-        if (ssl->options.useTicket == 1) {
-            session = ssl->session;
-        }
-    #endif
-
+        WOLFSSL_SESSION* session;
+    #ifdef HAVE_SESSION_TICKET
+        if (ssl->options.useTicket == 1) {
+            session = ssl->session;
+        }
+        else
+    #endif
+        {
+            session = wolfSSL_GetSession(ssl, ssl->arrays->masterSecret, 1);
+        }
         if (!session) {
             WOLFSSL_MSG("Session lookup for resume failed");
             ssl->options.resuming = 0;
@@ -31028,10 +31030,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     #ifdef HAVE_SESSION_TICKET
         if (ssl->options.useTicket == 1) {
             session = ssl->session;
-        } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
+        }
+        else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
             WOLFSSL_MSG("Bogus session ID without session ticket");
             return BUFFER_ERROR;
-        } else
+        }
+        else
     #endif
         {
             session = wolfSSL_GetSession(ssl, ssl->arrays->masterSecret, 1);
diff --git a/src/sniffer.c b/src/sniffer.c
index a7d89092a..bc68559d0 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -3362,6 +3362,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes,
         if (session->sslServer->arrays) {
             XMEMCPY(session->sslServer->arrays->sessionID, input + len - ID_LEN, ID_LEN);
+            session->sslServer->arrays->sessionIDSz = ID_LEN;
         }
     }
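Review bot: In the first internal.c hunk the ticket branch assigns `session = ssl->session` and then relies on the shared `if (!session)` test, so a NULL check is the only validation visible on that path; if `ssl->session` is populated by ticket decryption earlier in the function, a comment should say so, e.g. `/* a valid ticket already filled ssl->session; skip the cache lookup */` (inferred from the flag name, please confirm). Placing `else` directly before `#endif` so that one brace block serves both configurations is compact but easy to misread as a dangling keyword; the second hunk already uses this shape, so consistency argues for keeping it, perhaps with `/* falls through to the cache lookup below when HAVE_SESSION_TICKET is off */` above the `#ifdef`. Both hunks sit inside the function the header reports as DoSessionTicket, whose body starts and ends outside them.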
@@ -3386,6 +3387,11 @@ static int DoResume(SnifferSession* session, char* error)
     else
 #endif
     {
+    #ifdef HAVE_SESSION_TICKET
+        /* make sure "useTicket" is not set, otherwise the session will not be
+         * properly retrieved */
+        session->sslServer->options.useTicket = 0;
+    #endif
         resume = wolfSSL_GetSession(session->sslServer, session->sslServer->arrays->masterSecret, 0);
         if (resume == NULL) {
@@ -3698,6 +3704,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     if (session->ticketID && doResume) {
         /* use ticketID to retrieve from session, prefer over sessionID */
         XMEMCPY(session->sslServer->arrays->sessionID,session->ticketID,ID_LEN);
+        session->sslServer->arrays->sessionIDSz = ID_LEN;
         session->sslServer->options.haveSessionId = 1; /* may not have actual sessionID */
     }
@@ -4085,8 +4092,10 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
             return -1;
         }
     }
+
     #ifdef HAVE_SESSION_TICKET
-        ssl->options.useTicket = 1;
+        /* do not set "ssl->options.useTicket", since the sniffer uses
+         * the cache differently for retaining the master secret only */
     #endif
     XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
 }
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 9f8b4d089..6c7060c5e 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -330,7 +330,7 @@ static int myStoreDataCb(const unsigned char* decryptBuf,
 /* try and load as both static ephemeral and private key */
 /* only fail if no key is loaded */
-/* Allow comma seperated list of files */
+/* Allow comma separated list of files */
 static int load_key(const char* name, const char* server, int port, const char* keyFiles, const char* passwd, char* err)
 {
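Review bot: In the DoResume hunk, clearing `session->sslServer->options.useTicket` immediately before `wolfSSL_GetSession()` works around behaviour that lives elsewhere, and the added comment names the symptom rather than the dependency; a reader of sniffer.c cannot see that the library consults this flag on the resume path (that is only inferable from the internal.c hunks of this same commit). I would reword it to point at the coupling: `/* the library-side resume path takes ssl->session instead of the cache when useTicket is set (internal.c); the sniffer keys its cache by the ticket-derived sessionID, so force the cache lookup */`. Since ProcessClientHello in this commit no longer sets the flag, the comment should also say whether any remaining path can set it, otherwise the reset reads as dead code. The `else`/`#endif` just above the hunk belong to a conditional whose head is outside it, and the enclosing functions of all three sniffer.c hunks start outside them.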