diff options
-rw-r--r-- | ssl/statem/statem_lib.c | 7 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 14 |
2 files changed, 14 insertions, 7 deletions
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 82a711979d..a82079c2ee 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1043,7 +1043,12 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) ssl3_cleanup_key_block(s); if (s->server) { - ssl_update_cache(s, SSL_SESS_CACHE_SERVER); + /* + * In TLSv1.3 we update the cache as part of constructing the + * NewSessionTicket + */ + if (!SSL_IS_TLS13(s)) + ssl_update_cache(s, SSL_SESS_CACHE_SERVER); /* N.B. s->ctx may not equal s->session_ctx */ CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 041089cf96..50be8253c5 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3889,12 +3889,14 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); goto err; } - if (SSL_IS_TLS13(s) - && !tls_construct_extensions(s, pkt, - SSL_EXT_TLS1_3_NEW_SESSION_TICKET, - NULL, 0)) { - /* SSLfatal() already called */ - goto err; + if (SSL_IS_TLS13(s)) { + ssl_update_cache(s, SSL_SESS_CACHE_SERVER); + if (!tls_construct_extensions(s, pkt, + SSL_EXT_TLS1_3_NEW_SESSION_TICKET, + NULL, 0)) { + /* SSLfatal() already called */ + goto err; + } } EVP_CIPHER_CTX_free(ctx); HMAC_CTX_free(hctx); |