Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext. This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Reviewed-by: Matt Caswell <matt@openssl.org>

commit: a06cd5d056c6a5b1d161786873e21a5e53d554d8 [log] [tgz]
author: Emilia Kasper <emilia@openssl.org> Wed Nov 19 15:42:43 2014 +0100
committer: Emilia Kasper <emilia@openssl.org> Thu Nov 20 14:57:15 2014 +0100
tree: 7de291ef28fe195dd2063d41cbb33424d212b496
parent: 13d568661c14f71b3c6af263e1b60b92be738f57 [diff]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c84c662..98d775b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -226,14 +226,6 @@
 			s->renegotiate=1;
 			s->state=SSL_ST_CONNECT;
 			s->ctx->stats.sess_connect_renegotiate++;
-#ifndef OPENSSL_NO_TLSEXT
-			/*
-			 * If renegotiating, the server may choose to not issue
-			 * a new ticket, so reset the flag. It will be set to
-			 * the right value when parsing ServerHello extensions.
-			 */
-			s->tlsext_ticket_expected = 0;
-#endif
 			/* break */
 		case SSL_ST_BEFORE:
 		case SSL_ST_CONNECT:

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 149e7d6..86203f1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -2504,6 +2504,7 @@
 #ifndef OPENSSL_NO_NEXTPROTONEG
 	s->s3->next_proto_neg_seen = 0;
 #endif
+        s->tlsext_ticket_expected = 0;
 
 	if (s->s3->alpn_selected)
 		{
commit	a06cd5d056c6a5b1d161786873e21a5e53d554d8	[log] [tgz]
author	Emilia Kasper <emilia@openssl.org>	Wed Nov 19 15:42:43 2014 +0100
committer	Emilia Kasper <emilia@openssl.org>	Thu Nov 20 14:57:15 2014 +0100
tree	7de291ef28fe195dd2063d41cbb33424d212b496
parent	13d568661c14f71b3c6af263e1b60b92be738f57 [diff]