author | Fedor Indutny <fedor@indutny.com> | 2016-03-11 17:44:01 +0300 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2016-03-27 23:58:50 +0200 |
commit | ccae4a1582efcad311d095a8e6832b2b67d5ed05 (patch) | |
tree | a07c60e09166c40dcd6142f4c37888cb570f6ef1 /ssl/ssl_sess.c | |
parent | ce84456ddf4e57c18a84858755b8b90c183a270e (diff) |
Allow different protocol version when trying to reuse a session
We now send the highest supported version by the client, even if the session
uses an older version.
This fixes 2 problems:
- When you try to reuse a session but the other side doesn't reuse it and
uses a different protocol version the connection will fail.
- When you're trying to reuse a session with an old version you might be
stuck trying to reuse the old version while both sides support a newer
version
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
GH: #852, MR: #2452
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- | ssl/ssl_sess.c | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 3f030a76eb..70e2683ee4 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -872,19 +872,9 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss)
 int SSL_set_session(SSL *s, SSL_SESSION *session)
 {
 int ret = 0;
- const SSL_METHOD *meth;
-
 if (session != NULL) {
- meth = s->ctx->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- meth = s->method->get_ssl_method(session->ssl_version);
- if (meth == NULL) {
- SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return (0);
- }
-
- if (meth != s->method) {
- if (!SSL_set_ssl_method(s, meth))
+ if (s->ctx->method != s->method) {
+ if (!SSL_set_ssl_method(s, s->ctx->method))
 return (0);
 }
 
@@ -896,9 +886,8 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
 } else {
 SSL_SESSION_free(s->session);
 s->session = NULL;
- meth = s->ctx->method;
- if (meth != s->method) {
- if (!SSL_set_ssl_method(s, meth))
+ if (s->ctx->method != s->method) {
+ if (!SSL_set_ssl_method(s, s->ctx->method))
 return (0);
 }
 ret = 1; |
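Review bot: In the first hunk of SSL_set_session(), the `session != NULL` branch no longer reads `session->ssl_version` at all, so a session whose protocol version the configured method cannot speak is now accepted here instead of failing with SSL_R_UNABLE_TO_FIND_SSL_METHOD. The commit message says this is intended, but it leaves the version check for a resumed session to the handshake code, which this page does not show (the diffstat is limited to ssl/ssl_sess.c). It should be confirmed there that a session is only resumed when its version equals the negotiated one and lies within the enabled protocol range. I would add a comment above the new test, e.g. `/* session->ssl_version is deliberately not checked here; the handshake must validate it against the negotiated version */`. The function body continues past the end of the hunk.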
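Review bot: The second hunk leaves the `else` branch with the same method-reset block as the `session != NULL` branch in the first hunk, and two copies of this logic can drift apart. The block cannot simply be hoisted above the `if`, because in the `else` branch it runs after `SSL_SESSION_free(s->session)` and `s->session = NULL`, so a failing `SSL_set_ssl_method()` returns 0 with the old session already dropped. A small static helper called from both places would keep that order. The `return (0)` here also deserves a comment such as `/* s->session has already been cleared at this point */` so callers know the state after a failure.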