-diff -upr openssl-SNAP-20080415.orig/ssl/s3_srvr.c openssl-SNAP-20080415/ssl/s3_srvr.c
---- openssl-SNAP-20080415.orig/ssl/s3_srvr.c 2007-10-26 16:00:29.000000000 +0300
-+++ openssl-SNAP-20080415/ssl/s3_srvr.c 2008-04-15 16:32:08.000000000 +0300
-@@ -992,6 +992,59 @@ int ssl3_get_client_hello(SSL *s)
+@@ -2918,11 +2932,8 @@ static int ssl3_check_finished(SSL *s)
+ {
+ int ok;
+ long n;
+- /* If we have no ticket or session ID is non-zero length (a match of
+- * a non-zero session length would never reach here) it cannot be a
+- * resumed session.
+- */
+- if (!s->session->tlsext_tick || s->session->session_id_length)
++ /* If we have no ticket it cannot be a resumed session. */
++ if (!s->session->tlsext_tick)
+ return 1;
+ /* this function is called when we really expect a Certificate
+ * message, so permit appropriate message length */
+diff -upr openssl-SNAP-20080528.orig/ssl/s3_srvr.c openssl-SNAP-20080528/ssl/s3_srvr.c
+--- openssl-SNAP-20080528.orig/ssl/s3_srvr.c 2008-04-30 20:00:38.000000000 +0300
++++ openssl-SNAP-20080528/ssl/s3_srvr.c 2008-05-29 10:49:25.000000000 +0300
+@@ -1004,6 +1004,59 @@ int ssl3_get_client_hello(SSL *s)