Fix statless session resumption so it can coexist with SNI

author: Dr. Stephen Henson <steve@openssl.org> 2009-10-30 13:22:44 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-10-30 13:22:44 +0000
commit: 3d0b604c1450e0c8995d0691f91a43ee6403e539 (patch)
tree: 1d10891b37d9a065360558ee209696fb1444ac13 /CHANGES
parent: 257b2bfb6ce9b72e4803cac1ad25ae005a7827da (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 58695d5d7b..e56fd1b396 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) Fixes to stateless session resumption handling. Use initial_ctx when
+     issuing and attempting to decrypt tickets in case it has changed during
+     servername handling. Use a non-zero length session ID when attempting
+     stateless session resumption: this makes it possible to determine if
+     a resumption has occurred immediately after receiving server hello 
+     (several places in OpenSSL subtly assume this) instead of later in
+     the handshake.
+     [Steve Henson]
+
   *) Update OCSP request code to permit adding custom headers to the request:
      some responders need this.
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	2009-10-30 13:22:44 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-10-30 13:22:44 +0000
commit	3d0b604c1450e0c8995d0691f91a43ee6403e539 (patch)
tree	1d10891b37d9a065360558ee209696fb1444ac13 /CHANGES
parent	257b2bfb6ce9b72e4803cac1ad25ae005a7827da (diff)