Fix from stable branch.
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c5ca1c2..1378f76 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c
@@ -438,7 +438,7 @@ fatal = 1; goto err; } - else if (r == 0 || (!ret || !len)) + else if (r == 0 || (!ret && !len)) goto err; else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) #else
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index bde52b1..dc0396c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -1388,6 +1388,13 @@ /* Point after session ID in client hello */ const unsigned char *p = session_id + len; unsigned short i; + + /* If tickets disabled behave as if no ticket present + * to permit stateful resumption. + */ + if (SSL_get_options(s) & SSL_OP_NO_TICKET) + return 1; + if ((s->version <= SSL3_VERSION) || !limit) return 1; if (p >= limit) @@ -1419,8 +1426,8 @@ * trigger a full handshake */ if (SSL_get_options(s) & SSL_OP_NO_TICKET) - return 0; - /* If zero length not client will accept a ticket + return 1; + /* If zero length note client will accept a ticket * and indicate cache miss to trigger full handshake */ if (size == 0)