Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'

to indicate that a real handshake is taking place (the value will be
lost during multiple invocations). Set s->new_session to 2 instead.

1 files changed, 3 insertions, 4 deletions

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 3ef6eeeb71..cc2a773a3c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -168,7 +168,6 @@ int ssl3_accept(SSL *s)
 	long num1;
 	int ret= -1;
 	int new_state,state,skip=0;
-	int got_new_session=0;
 
 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@@ -281,7 +280,7 @@ int ssl3_accept(SSL *s)
 			s->shutdown=0;
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
-			got_new_session=1;
+			s->new_session = 2;
 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
 			s->init_num=0;
 			break;
@@ -524,7 +523,7 @@ int ssl3_accept(SSL *s)
 
 			s->init_num=0;
 
-			if (got_new_session) /* skipped if we just sent a HelloRequest */
+			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
 				{
 				/* actually not necessarily a 'new' session unless
 				 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */