diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2009-10-28 19:53:10 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2009-10-28 19:53:10 +0000 |
| commit | e6e11f4ec3401d64a0f11fd84396faf1dc855c13 (patch) | |
| tree | c7ebfd1cadc11c9d05913d8461e852aebcbb7114 | |
| parent | 452e41562cdf7bd40706d2dfe5318dceefdc5fb3 (diff) | |
Don't attempt session resumption if no ticket is present and session
ID length is zero.
| -rw-r--r-- | apps/s_server.c | 14 | ||||
| -rw-r--r-- | ssl/s3_clnt.c | 12 |
2 files changed, 20 insertions, 6 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index f1232fd3dc..cb1ebcae38 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -771,6 +771,7 @@ int MAIN(int argc, char *argv[]) int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; X509 *s_cert = NULL, *s_dcert = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL; + int no_cache = 0; #ifndef OPENSSL_NO_TLSEXT EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; @@ -910,6 +911,8 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-no_cache") == 0) + no_cache = 1; else if (strcmp(*argv,"-crl_check") == 0) { vflags |= X509_V_FLAG_CRL_CHECK; @@ -1252,8 +1255,10 @@ bad: if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); - - SSL_CTX_sess_set_cache_size(ctx,128); + if (no_cache) + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + else + SSL_CTX_sess_set_cache_size(ctx,128); #if 0 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); @@ -1320,7 +1325,10 @@ bad: if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); - SSL_CTX_sess_set_cache_size(ctx2,128); + if (no_cache) + SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF); + else + SSL_CTX_sess_set_cache_size(ctx2,128); if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || (!SSL_CTX_set_default_verify_paths(ctx2))) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 7791b14508..a76162646e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -594,9 +594,15 @@ int ssl3_client_hello(SSL *s) buf=(unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { - if ((s->session == NULL) || - (s->session->ssl_version != s->version) || - (s->session->not_resumable)) + SSL_SESSION *sess = s->session; + if ((sess == NULL) || + (sess->ssl_version != s->version) || +#ifdef OPENSSL_NO_TLSEXT + !sess->session_id_length || +#else + (!sess->session_id_length && !sess->tlsext_tick) || +#endif + (sess->not_resumable)) { if (!ssl_get_new_session(s,0)) goto err; |