Remove ssl3_check_finished.

ssl3_get_new_session_ticket is sensible and fills in a session_id for stateless sessions, so the resumption will already be detected at this point. Remove the codepath in ssl3_client_hello which allows for resuming sessions with empty session_ids. The rest of the code doesn't allow it either. This removes another codepath where we potentially probe a Finished message early. Change-Id: I2749b5c65c7ce98c6f30566d8716360ff1bba24c Reviewed-on: https://boringssl-review.googlesource.com/1295 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-07-22 06:23:50 +0400
committer: Adam Langley <agl@google.com> 2014-07-23 19:52:38 +0400
commit: 407886f589cf2dbaed82db0a44173036c3bc3317 (patch)
tree: 0cdc0ae5f04cd09dbef6bb89139b2ff7f5a650bd /ssl/d1_clnt.c
parent: 9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67 (diff)
1 files changed, 0 insertions, 12 deletions
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 63d31f2f..b3d40466 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -298,18 +298,6 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CR_CERT_A:
 		case SSL3_ST_CR_CERT_B:
-			ret=ssl3_check_finished(s);
-			if (ret <= 0) goto end;
-			if (ret == 2)
-				{
-				s->hit = 1;
-				if (s->tlsext_ticket_expected)
-					s->state=SSL3_ST_CR_SESSION_TICKET_A;
-				else
-					s->state=SSL3_ST_CR_FINISHED_A;
-				s->init_num=0;
-				break;
-				}
 			/* Check if it is anon DH or PSK */
 			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
 			    !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
author	David Benjamin <davidben@chromium.org>	2014-07-22 06:23:50 +0400
committer	Adam Langley <agl@google.com>	2014-07-23 19:52:38 +0400
commit	407886f589cf2dbaed82db0a44173036c3bc3317 (patch)
tree	0cdc0ae5f04cd09dbef6bb89139b2ff7f5a650bd /ssl/d1_clnt.c
parent	9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67 (diff)