Update external polarssl to 1.3.8

There were some fixes back on March 13th, 2014 for fixing compiling on MIPS64.
Also some fixes on June 25th, 2014 for SPARC64 fixes.

Probably more things, but those are what I care about.
This commit is contained in:
Ryan Houdek
2014-09-08 01:58:33 -05:00
parent 6ea82790ba
commit a48e284317
130 changed files with 12346 additions and 4632 deletions

View File

@ -1,7 +1,7 @@
/*
* SSLv3/TLSv1 client-side functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -23,15 +23,19 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_SSL_CLI_C)
#include "polarssl/debug.h"
#include "polarssl/ssl.h"
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_malloc malloc
#define polarssl_free free
@ -51,6 +55,13 @@ typedef UINT32 uint32_t;
#include <time.h>
#endif
#if defined(POLARSSL_SSL_SESSION_TICKETS)
/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}
#endif
#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
static void ssl_write_hostname_ext( ssl_context *ssl,
unsigned char *buf,
@ -60,7 +71,7 @@ static void ssl_write_hostname_ext( ssl_context *ssl,
*olen = 0;
if ( ssl->hostname == NULL )
if( ssl->hostname == NULL )
return;
SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
@ -137,8 +148,10 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
size_t *olen )
{
unsigned char *p = buf;
unsigned char *sig_alg_list = buf + 6;
size_t sig_alg_len = 0;
#if defined(POLARSSL_RSA_C) || defined(POLARSSL_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
#endif
*olen = 0;
@ -233,19 +246,28 @@ static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
unsigned char *p = buf;
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const ecp_curve_info *curve;
const ecp_curve_info *info;
#if defined(POLARSSL_SSL_SET_CURVES)
const ecp_group_id *grp_id;
#else
((void) ssl);
#endif
*olen = 0;
SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
for( curve = ecp_curve_list();
curve->grp_id != POLARSSL_ECP_DP_NONE;
curve++ )
#if defined(POLARSSL_SSL_SET_CURVES)
for( grp_id = ssl->curve_list; *grp_id != POLARSSL_ECP_DP_NONE; grp_id++ )
{
elliptic_curve_list[elliptic_curve_len++] = curve->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = curve->tls_id & 0xFF;
info = ecp_curve_info_from_grp_id( *grp_id );
#else
for( info = ecp_curve_list(); info->grp_id != POLARSSL_ECP_DP_NONE; info++ )
{
#endif
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
}
if( elliptic_curve_len == 0 )
@ -374,6 +396,54 @@ static void ssl_write_session_ticket_ext( ssl_context *ssl,
}
#endif /* POLARSSL_SSL_SESSION_TICKETS */
#if defined(POLARSSL_SSL_ALPN)
static void ssl_write_alpn_ext( ssl_context *ssl,
unsigned char *buf, size_t *olen )
{
unsigned char *p = buf;
const char **cur;
if( ssl->alpn_list == NULL )
{
*olen = 0;
return;
}
SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
*p++ = (unsigned char)( ( TLS_EXT_ALPN >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( TLS_EXT_ALPN ) & 0xFF );
/*
* opaque ProtocolName<1..2^8-1>;
*
* struct {
* ProtocolName protocol_name_list<2..2^16-1>
* } ProtocolNameList;
*/
/* Skip writing extension and list length for now */
p += 4;
for( cur = ssl->alpn_list; *cur != NULL; cur++ )
{
*p = (unsigned char)( strlen( *cur ) & 0xFF );
memcpy( p + 1, *cur, *p );
p += 1 + *p;
}
*olen = p - buf;
/* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF );
buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF );
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
}
#endif /* POLARSSL_SSL_ALPN */
static int ssl_write_client_hello( ssl_context *ssl )
{
int ret;
@ -435,7 +505,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
return( ret );
p += 4;
#endif
#endif /* POLARSSL_HAVE_TIME */
if( ( ret = ssl->f_rng( ssl->p_rng, p, 28 ) ) != 0 )
return( ret );
@ -546,7 +616,7 @@ static int ssl_write_client_hello( ssl_context *ssl )
*p++ = 1;
*p++ = SSL_COMPRESS_NULL;
#endif
#endif /* POLARSSL_ZLIB_SUPPORT */
// First write extensions, then the total length
//
@ -586,12 +656,20 @@ static int ssl_write_client_hello( ssl_context *ssl )
ext_len += olen;
#endif
#if defined(POLARSSL_SSL_ALPN)
ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
#endif
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) );
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
if( ext_len > 0 )
{
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
}
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
@ -725,7 +803,7 @@ static int ssl_parse_supported_point_formats_ext( ssl_context *ssl,
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
p = buf + 2;
p = buf + 1;
while( list_size > 0 )
{
if( p[0] == POLARSSL_ECP_PF_UNCOMPRESSED ||
@ -740,10 +818,59 @@ static int ssl_parse_supported_point_formats_ext( ssl_context *ssl,
p++;
}
return( 0 );
SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
#if defined(POLARSSL_SSL_ALPN)
static int ssl_parse_alpn_ext( ssl_context *ssl,
const unsigned char *buf, size_t len )
{
size_t list_len, name_len;
const char **p;
/* If we didn't send it, the server shouldn't send it */
if( ssl->alpn_list == NULL )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
/*
* opaque ProtocolName<1..2^8-1>;
*
* struct {
* ProtocolName protocol_name_list<2..2^16-1>
* } ProtocolNameList;
*
* the "ProtocolNameList" MUST contain exactly one "ProtocolName"
*/
/* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
if( len < 4 )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
list_len = ( buf[0] << 8 ) | buf[1];
if( list_len != len - 2 )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
name_len = buf[2];
if( name_len != list_len - 1 )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
/* Check that the server chosen protocol was in our list and save it */
for( p = ssl->alpn_list; *p != NULL; p++ )
{
if( name_len == strlen( *p ) &&
memcmp( buf + 3, *p, name_len ) == 0 )
{
ssl->alpn_chosen = *p;
return( 0 );
}
}
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO );
}
#endif /* POLARSSL_SSL_ALPN */
static int ssl_parse_server_hello( ssl_context *ssl )
{
int ret, i, comp;
@ -801,8 +928,8 @@ static int ssl_parse_server_hello( ssl_context *ssl )
if( ssl->minor_ver < ssl->min_minor_ver )
{
SSL_DEBUG_MSG( 1, ( "server only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]", ssl->major_ver, ssl->minor_ver,
buf[4], buf[5] ) );
" [%d:%d] < [%d:%d]", ssl->major_ver,
ssl->minor_ver, buf[4], buf[5] ) );
ssl_send_alert_message( ssl, SSL_ALERT_LEVEL_FATAL,
SSL_ALERT_MSG_PROTOCOL_VERSION );
@ -858,15 +985,15 @@ static int ssl_parse_server_hello( ssl_context *ssl )
* Initialize update checksum functions
*/
ssl->transform_negotiate->ciphersuite_info = ssl_ciphersuite_from_id( i );
ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
if( ssl->transform_negotiate->ciphersuite_info == NULL )
{
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
ssl->ciphersuite_list[ssl->minor_ver][i] ) );
SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info );
SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
@ -957,7 +1084,8 @@ static int ssl_parse_server_hello( ssl_context *ssl )
SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
renegotiation_info_seen = 1;
if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ) ) != 0 )
if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
ext_size ) ) != 0 )
return( ret );
break;
@ -1014,6 +1142,16 @@ static int ssl_parse_server_hello( ssl_context *ssl )
break;
#endif /* POLARSSL_ECDH_C || POLARSSL_ECDSA_C */
#if defined(POLARSSL_SSL_ALPN)
case TLS_EXT_ALPN:
SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )
return( ret );
break;
#endif /* POLARSSL_SSL_ALPN */
default:
SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
ext_id ) );
@ -1118,21 +1256,34 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
static int ssl_check_server_ecdh_params( const ssl_context *ssl )
{
SSL_DEBUG_MSG( 2, ( "ECDH curve size: %d",
(int) ssl->handshake->ecdh_ctx.grp.nbits ) );
const ecp_curve_info *curve_info;
curve_info = ecp_curve_info_from_grp_id( ssl->handshake->ecdh_ctx.grp.id );
if( curve_info == NULL )
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
#if defined(POLARSSL_SSL_ECP_SET_CURVES)
if( ! ssl_curve_is_acceptable( ssl, ssl->handshake->ecdh_ctx.grp.id ) )
#else
if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
ssl->handshake->ecdh_ctx.grp.nbits > 521 )
{
#endif
return( -1 );
}
SSL_DEBUG_ECP( 3, "ECDH: Qp", &ssl->handshake->ecdh_ctx.Qp );
return( 0 );
}
#endif
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
@ -1160,7 +1311,7 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl,
if( ssl_check_server_ecdh_params( ssl ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDH length)" ) );
SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@ -1348,7 +1499,7 @@ static int ssl_get_ecdh_params_from_cert( ssl_context *ssl )
if( ssl_check_server_ecdh_params( ssl ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH length)" ) );
SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
@ -1390,7 +1541,11 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_RSA ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDH_ECDSA )
{
ssl_get_ecdh_params_from_cert( ssl );
if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
return( ret );
}
SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
ssl->state++;
@ -1398,7 +1553,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
}
((void) p);
((void) end);
#endif
#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
if( ( ret = ssl_read_record( ssl ) ) != 0 )
{
@ -1488,7 +1644,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
@ -1520,7 +1676,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
}
}
else
#endif
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
defined(POLARSSL_SSL_PROTO_TLS1_1)
if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
@ -1535,7 +1691,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
#endif
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
/*
@ -1562,6 +1718,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
md5_context md5;
sha1_context sha1;
md5_init( &md5 );
sha1_init( &sha1 );
hashlen = 36;
/*
@ -1586,6 +1745,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
sha1_update( &sha1, ssl->handshake->randbytes, 64 );
sha1_update( &sha1, ssl->in_msg + 4, params_len );
sha1_finish( &sha1, hash + 16 );
md5_free( &md5 );
sha1_free( &sha1 );
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
@ -1596,6 +1758,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
{
md_context_t ctx;
md_init( &ctx );
/* Info from md_alg will be used instead */
hashlen = 0;
@ -1606,7 +1770,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
* ServerDHParams params;
* };
*/
if( ( ret = md_init_ctx( &ctx, md_info_from_type( md_alg ) ) ) != 0 )
if( ( ret = md_init_ctx( &ctx,
md_info_from_type( md_alg ) ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );
@ -1616,14 +1781,14 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
md_update( &ctx, ssl->handshake->randbytes, 64 );
md_update( &ctx, ssl->in_msg + 4, params_len );
md_finish( &ctx, hash );
md_free_ctx( &ctx );
md_free( &ctx );
}
else
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
POLARSSL_SSL_PROTO_TLS1_2 */
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
@ -1663,7 +1828,6 @@ exit:
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_certificate_request( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
@ -1678,8 +1842,8 @@ static int ssl_parse_certificate_request( ssl_context *ssl )
return( 0 );
}
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret );
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
#else
static int ssl_parse_certificate_request( ssl_context *ssl )
@ -1901,7 +2065,7 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
ssl->handshake->pmslen = ssl->handshake->dhm_ctx.len;
ssl->handshake->pmslen = POLARSSL_PREMASTER_SIZE;
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
ssl->handshake->premaster,
@ -2037,7 +2201,7 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = ssl_psk_derive_premaster( ssl,
@ -2061,7 +2225,7 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
{
((void) ciphersuite_info);
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
@ -2093,7 +2257,6 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
!defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_write_certificate_verify( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
@ -2108,8 +2271,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
return( 0 );
}
SSL_DEBUG_MSG( 1, ( "should not happen" ) );
return( ret );
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
#else
static int ssl_write_certificate_verify( ssl_context *ssl )
@ -2223,7 +2386,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = pk_sign( ssl_own_key( ssl ), md_alg, hash_start, hashlen,
@ -2318,9 +2481,11 @@ static int ssl_parse_new_session_ticket( ssl_context *ssl )
* Zero-length ticket means the server changed his mind and doesn't want
* to send a ticket after all, so just forget it
*/
if( ticket_len == 0)
if( ticket_len == 0 )
return( 0 );
polarssl_zeroize( ssl->session_negotiate->ticket,
ssl->session_negotiate->ticket_len );
polarssl_free( ssl->session_negotiate->ticket );
ssl->session_negotiate->ticket = NULL;
ssl->session_negotiate->ticket_len = 0;
@ -2467,4 +2632,4 @@ int ssl_handshake_client_step( ssl_context *ssl )
return( ret );
}
#endif
#endif /* POLARSSL_SSL_CLI_C */