summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ssl/ssl_sess.c6
-rw-r--r--ssl/statem/extensions_srvr.c8
2 files changed, 11 insertions, 3 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 5e44d4c41f..6513bf84cc 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -761,10 +761,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
if ((c != NULL) && (c->session_id_length != 0)) {
if (lck)
CRYPTO_THREAD_write_lock(ctx->lock);
- if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
+ if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
ret = 1;
- r = lh_SSL_SESSION_delete(ctx->sessions, c);
- SSL_SESSION_list_remove(ctx, c);
+ r = lh_SSL_SESSION_delete(ctx->sessions, r);
+ SSL_SESSION_list_remove(ctx, r);
}
c->not_resumable = 1;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 7c9a3f7a6a..ee4cad124c 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1134,6 +1134,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
if (ret == SSL_TICKET_NO_DECRYPT)
continue;
+ /* Check for replay */
+ if (s->max_early_data > 0
+ && !SSL_CTX_remove_session(s->session_ctx, sess)) {
+ SSL_SESSION_free(sess);
+ sess = NULL;
+ continue;
+ }
+
ticket_age = (uint32_t)ticket_agel;
now = (uint32_t)time(NULL);
agesec = now - (uint32_t)sess->time;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 14:14:08 +0000