diff options
author | Matt Caswell <matt@openssl.org> | 2018-06-26 18:06:45 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-03 09:44:35 +0100 |
commit | 1f1563216d6827e1dc8212795344c82e0f5d5933 (patch) | |
tree | cd20d08724295f408cd796ad88352c46b6e06ebd /ssl/statem/statem_clnt.c | |
parent | c36b39b5cd685fc5eae84ece247e7873a27d8834 (diff) |
Restore behaviour from commit 36ff232cf that was incorrectly removed
In TLSv1.2 and below we should remove an old session from the client
session cache in the event that we receive a new session ticket from the
server.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6601)
Diffstat (limited to 'ssl/statem/statem_clnt.c')
-rw-r--r-- | ssl/statem/statem_clnt.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ff353842f9..26be9cb6b8 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2591,6 +2591,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) */ if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) { SSL_SESSION *new_sess; + /* * We reused an existing session, so we need to replace it with a new * one @@ -2602,6 +2603,16 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) goto err; } + if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0 + && !SSL_IS_TLS13(s)) { + /* + * In TLSv1.2 and below the arrival of a new tickets signals that + * any old ticket we were using is now out of date, so we remove the + * old session from the cache. We carry on if this fails + */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + SSL_SESSION_free(s->session); s->session = new_sess; } |