diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-16 14:57:35 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-17 10:12:10 +0100 |
commit | 84475ccb70da709c9a0035561429a34700b565d9 (patch) | |
tree | 385cf0d60d170fb8ae7518923257c44bc7f4f164 /ssl/statem/statem_srvr.c | |
parent | 57fd517066418472b3280a975823405fb8f2f43d (diff) |
Don't remove sessions from the cache during PHA in TLSv1.3
If we issue new tickets due to post-handshake authentication there is no
reason to remove previous tickets from the cache. The code that did that
only removed the last session anyway - so if more than one ticket got
issued then those other tickets are still valid.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6722)
Diffstat (limited to 'ssl/statem/statem_srvr.c')
-rw-r--r-- | ssl/statem/statem_srvr.c | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 5c59eb8b1e..01b07a9346 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3648,8 +3648,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) */ if (s->post_handshake_auth == SSL_PHA_REQUESTED) { - int m = s->session_ctx->session_cache_mode; - if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, @@ -3657,13 +3655,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } - if (m & SSL_SESS_CACHE_SERVER) { - /* - * Remove the old session from the cache. We carry on if this fails - */ - SSL_CTX_remove_session(s->session_ctx, s->session); - } - SSL_SESSION_free(s->session); s->session = new_sess; } |