From 1da05308ec1f5e781e32d47cde0067d80e95b456 Mon Sep 17 00:00:00 2001 From: "Tobias S. Josefowitz" <tobij@tobij.de> Date: Sun, 4 Aug 2019 18:35:12 +0200 Subject: [PATCH] SSL.ClientConnection: Fix session ticket support The server signals reuse of the session by echoing the session_id we provide (as well as by a shortened handshake/server hello). Presence of the session ticket extension informs of the server's intention to send a new session ticket (or replace an existing one), hence tickets_enabled does not need to be true (and apparently rarely is) when we resume sessions based on tickets with other SSL implementations on the server side. --- lib/modules/SSL.pmod/ClientConnection.pike | 7 ------- 1 file changed, 7 deletions(-) diff --git a/lib/modules/SSL.pmod/ClientConnection.pike b/lib/modules/SSL.pmod/ClientConnection.pike index 5388539bbd..0c9ed3a744 100644 --- a/lib/modules/SSL.pmod/ClientConnection.pike +++ b/lib/modules/SSL.pmod/ClientConnection.pike @@ -551,13 +551,6 @@ int(-1..1) handle_handshake(int type, string(8bit) data, string(8bit) raw) return -1; } - if (session->ticket && !tickets_enabled) { - // The server has stopped supporting session tickets? - // Make sure not to compare the server-generated - // session id with the one that we may have generated. - id = ""; - } - // RFC 5746 3.5: // When a ServerHello is received, the client MUST verify that the // "renegotiation_info" extension is present; if it is not, the -- GitLab
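Review bot: the deletion in handle_handshake() (hunk at line 551) leaves no comment at this spot explaining how resumption is decided, and the case the removed comment worried about, comparing a server-generated session id with the one the client generated, is not addressed by any visible line. The commit message gives the reasoning (the server signals reuse by echoing the session_id, and the ticket extension only announces a new ticket), so I would put a short comment to that effect where the `if (session->ticket && !tickets_enabled)` block used to be, saying that the id comparison is now the only resumption signal and is deliberately independent of tickets_enabled. The patch touches only ClientConnection.pike with 7 deletions, so there is no test with it; a regression test for both paths would help: a server that resumes from a ticket without sending the extension, and a server that declines the ticket and does a full handshake with its own session id.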