From a63276d6bd58ed58ab0a491443ce65ebccb119ed Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Thu, 30 Jun 2022 11:18:39 +0000 Subject: Check whether the security level allows session tickets. ok beck jsing --- lib/libssl/ssl_tlsext.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib/libssl/ssl_tlsext.c') diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index fc6c11daa62..f103c2253ed 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.115 2022/06/29 17:39:20 beck Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.116 2022/06/30 11:18:38 tb Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1124,6 +1124,9 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type) if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) return 0; + if (!ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL)) + return 0; + if (s->internal->new_session) return 1; @@ -1203,7 +1206,8 @@ int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type) { return (s->internal->tlsext_ticket_expected && - !(SSL_get_options(s) & SSL_OP_NO_TICKET)); + !(SSL_get_options(s) & SSL_OP_NO_TICKET) && + ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL)); } int -- cgit v1.2.3