The check for SSL_OP_NO_TICKET is performed as the first line of code in the
function tls1_process_ticket so there's no need to check it later in the same
function. Attached patch removes the second check.
Index: ./ssl/t1_lib.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.97
diff -u -r1.97 t1_lib.c
--- ./ssl/t1_lib.c 1 Jun 2011 11:10:35 -0000 1.97
+++ ./ssl/t1_lib.c 31 Jul 2011 05:30:49 -0000
@@ -1891,11 +1891,6 @@
return 1;
if (type == TLSEXT_TYPE_session_ticket)
{
- /* If tickets disabled indicate cache miss which will
- * trigger a full handshake
- */
- if (SSL_get_options(s) & SSL_OP_NO_TICKET)
- return 1;
/* If zero length note client will accept a ticket
* and indicate cache miss to trigger full handshake
*/
