From 2f63ad5b35920ce1cbd52f33341e49ccd2541a54 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 29 Apr 2008 17:22:35 +0000
Subject: [PATCH] Update from stable branch.

---
 ssl/s3_clnt.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 74f5abe13c..4ca47faf51 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2918,7 +2918,11 @@ static int ssl3_check_finished(SSL *s)
 	{
 	int ok;
 	long n;
-	if (!s->session->tlsext_tick)
+	/* If we have no ticket or session ID is non-zero length (a match of
+	 * a non-zero session length would never reach here) it cannot be a
+	 * resumed session.
+	 */
+	if (!s->session->tlsext_tick || s->session->session_id_length)
 		return 1;
 	/* this function is called when we really expect a Certificate
 	 * message, so permit appropriate message length */
-- 
GitLab