Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'

to indicate that a real handshake is taking place (the value will be lost during multiple invocations). Set s->new_session to 2 instead.
author: Bodo Möller <bodo@openssl.org> 2002-01-14 23:40:26 +0000
committer: Bodo Möller <bodo@openssl.org> 2002-01-14 23:40:26 +0000
commit: 8c74b5e56ce4515c8f0c16a79788cf083f8c101e (patch)
tree: 26d1e17a85a2f42ffcc3a17c8e1e610c352b81f6 /CHANGES
parent: c59ba5b5287b6e4ab6bd8e097baab579622d8160 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 7dbede58f6..db838b0509 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,19 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
+     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
+     variable as an indication that a ClientHello message has been
+     received.  As the flag value will be lost between multiple
+     invocations of ssl3_accept when using non-blocking I/O, the
+     function may not be aware that a handshake has actually taken
+     place, thus preventing a new session from being added to the
+     session cache.
+
+     To avoid this problem, we now set s->new_session to 2 instead of
+     using a local variable.
+     [Lutz Jaenicke, Bodo Moeller]
+
   *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
      if the SSL_R_LENGTH_MISMATCH error is detected.
      [Geoff Thorpe, Bodo Moeller]
author	Bodo Möller <bodo@openssl.org>	2002-01-14 23:40:26 +0000
committer	Bodo Möller <bodo@openssl.org>	2002-01-14 23:40:26 +0000
commit	8c74b5e56ce4515c8f0c16a79788cf083f8c101e (patch)
tree	26d1e17a85a2f42ffcc3a17c8e1e610c352b81f6 /CHANGES
parent	c59ba5b5287b6e4ab6bd8e097baab579622d8160 (diff)