Fix new_session_cb calls in TLSv1.3

If a new_session_cb is set then it was only ever getting invoked if !s->hit is true. This is sensible for <=TLSv1.2 but does not work for TLSv1.3. Fixes #4045 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4068)
author: Matt Caswell <matt@openssl.org> 2017-08-01 10:49:47 +0100
committer: Matt Caswell <matt@openssl.org> 2017-08-01 13:09:31 +0100
commit: 5d61491c8816ebad172340aafce713e9654dea94 (patch)
tree: c43deab8c5fef24579f1eb56efe9aabfcde6db81 /ssl/statem/statem_lib.c
parent: c290853878ed2a6988521c01a8f675ed959ab5cc (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index a6baf2a5c9..08d5f416f3 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1028,7 +1028,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs)
             s->ctx->stats.sess_accept_good++;
             s->handshake_func = ossl_statem_accept;
         } else {
-            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            /*
+             * In TLSv1.3 we update the cache as part of processing the
+             * NewSessionTicket
+             */
+            if (!SSL_IS_TLS13(s))
+                ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
             if (s->hit)
                 s->ctx->stats.sess_hit++;
author	Matt Caswell <matt@openssl.org>	2017-08-01 10:49:47 +0100
committer	Matt Caswell <matt@openssl.org>	2017-08-01 13:09:31 +0100
commit	5d61491c8816ebad172340aafce713e9654dea94 (patch)
tree	c43deab8c5fef24579f1eb56efe9aabfcde6db81 /ssl/statem/statem_lib.c
parent	c290853878ed2a6988521c01a8f675ed959ab5cc (diff)