author | Dr. Stephen Henson <steve@openssl.org> | 2008-04-25 16:27:04 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-04-25 16:27:04 +0000 |
commit | dc634aff252943c5f61fa1a245a4206259cf941f (patch) | |
tree | bbb35b18839fbccf2cb469bfbb134020b971ef46 /ssl | |
parent | 8e3b2dbb31819b880886bfd275510c650ff264ea (diff) |
Don't send zero length session ID if stateless session resumption is
successful. Check by seeing if there is a cache hit.
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_srvr.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 3d63e2e89d..2ff4bc7ebd 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1145,8 +1145,16 @@ int ssl3_send_server_hello(SSL *s) * session-id if we want it to be single use. * Currently I will not implement the '0' length session-id * 12-Jan-98 - I'll now support the '0' length stuff. + * + * We also have an additional case where stateless session + * resumption is successful: we always send back the old + * session id. In this case s->hit is non zero: this can + * only happen if stateless session resumption is succesful + * if session caching is disabled so existing functionality + * is unaffected. */ - if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) + if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) + && !s->hit) s->session->session_id_length=0; sl=s->session->session_id_length; |
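Review bot: The last sentence of the added comment ("this can only happen if stateless session resumption is succesful if session caching is disabled so existing functionality is unaffected") is hard to parse and misspells "successful". Something like "with SSL_SESS_CACHE_SERVER unset, s->hit can only be non-zero after a successful stateless resumption, so existing behaviour is unaffected" says the same thing more clearly. The new `&& !s->hit` term depends entirely on that invariant, and nothing in this hunk enforces it, so the comment should also name where s->hit is set on the stateless path. That way a later change to that code does not silently alter when the session ID is zeroed here.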