Fix from HEAD.

author: Dr. Stephen Henson <steve@openssl.org> 2008-04-25 16:27:25 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2008-04-25 16:27:25 +0000
commit: d3eef3e5afc806ba61ca1b6a1af456b24363eda8 (patch)
tree: c8b5bee46dc3910a7b9df8f9b98c5ff348a3aeec /ssl/s3_srvr.c
parent: c5fbf8c1ba4e116ab7efc5487a0ce8518718bbd7 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a686718b36..b83a8d7da4 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1115,8 +1115,16 @@ int ssl3_send_server_hello(SSL *s)
 		 * session-id if we want it to be single use.
 		 * Currently I will not implement the '0' length session-id
 		 * 12-Jan-98 - I'll now support the '0' length stuff.
+		 *
+		 * We also have an additional case where stateless session
+		 * resumption is successful: we always send back the old
+		 * session id. In this case s->hit is non zero: this can
+		 * only happen if stateless session resumption is succesful
+		 * if session caching is disabled so existing functionality
+		 * is unaffected.
 		 */
-		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+			&& !s->hit)
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
author	Dr. Stephen Henson <steve@openssl.org>	2008-04-25 16:27:25 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2008-04-25 16:27:25 +0000
commit	d3eef3e5afc806ba61ca1b6a1af456b24363eda8 (patch)
tree	c8b5bee46dc3910a7b9df8f9b98c5ff348a3aeec /ssl/s3_srvr.c
parent	c5fbf8c1ba4e116ab7efc5487a0ce8518718bbd7 (diff)