authorMatt Caswell <matt@openssl.org>2016-06-13 11:24:15 +0100
committerMatt Caswell <matt@openssl.org>2016-07-19 12:08:49 +0100
commite4612d02c53cccd24fa97b08fc01250d1238cca1 (patch)
tree60dcaaa62136f24ac1e25a71b53826f4a57be458 /ssl
parent941b10bd954f9fb217901e4ad0a31c70972b864d (diff)
Remove sessions from external cache, even if internal cache not used.
If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't removing sessions from the external cache, e.g. if an alert occurs the session is supposed to be automatically removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl_sess.c10
-rw-r--r--ssl/statem/statem_clnt.c11
2 files changed, 7 insertions, 14 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 41abe44a82..74250c2d13 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -708,16 +708,16 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
r = lh_SSL_SESSION_delete(ctx->sessions, c);
SSL_SESSION_list_remove(ctx, c);
}
+ c->not_resumable = 1;
if (lck)
CRYPTO_THREAD_unlock(ctx->lock);
- if (ret) {
- r->not_resumable = 1;
- if (ctx->remove_session_cb != NULL)
- ctx->remove_session_cb(ctx, r);
+ if (ret)
SSL_SESSION_free(r);
- }
+
+ if (ctx->remove_session_cb != NULL)
+ ctx->remove_session_cb(ctx, c);
} else
ret = 0;
return (ret);
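Review bot: The callback `ctx->remove_session_cb(ctx, c)` now runs after `SSL_SESSION_free(r)`, whereas the removed lines invoked the callback before the free. If the cached entry `r` is the same object as `c` and the caller holds no reference of its own (callers are not visible here, so this is an assumption), the free could release the last reference and the callback would be handed a dangling pointer. Moving the `if (ctx->remove_session_cb != NULL) ctx->remove_session_cb(ctx, c);` pair above `if (ret) SSL_SESSION_free(r);` restores the old ordering at no cost. A short comment on `c->not_resumable = 1;`, for example `/* applies even when the session was never in the internal cache */`, would record that the flag and the callback are now unconditional. The body of remove_session_lock starts above this hunk.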
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index bef2583c32..4bd5a29f63 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1839,16 +1839,9 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
*/
if (i & SSL_SESS_CACHE_CLIENT) {
/*
- * Remove the old session from the cache
+ * Remove the old session from the cache. We carry on if this fails
*/
- if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
- if (s->session_ctx->remove_session_cb != NULL)
- s->session_ctx->remove_session_cb(s->session_ctx,
- s->session);
- } else {
- /* We carry on if this fails */
- SSL_CTX_remove_session(s->session_ctx, s->session);
- }
+ SSL_CTX_remove_session(s->session_ctx, s->session);
}
if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
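Review bot: `SSL_CTX_remove_session(s->session_ctx, s->session)` now goes through remove_session_lock, which after this commit sets `not_resumable = 1` on the session it is given, and `ssl_session_dup(s->session, 0)` on the next line copies from that same session. If ssl_session_dup carries the flag over (its body is not shown here, so this needs confirming), the session built from the new ticket would start out marked not resumable. Either duplicate before the removal call or reset the flag on the copy with `new_sess->not_resumable = 0;` once the dup succeeds. tls_process_new_session_ticket continues on both sides of this hunk.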