From 673d7ac12144185f9729dd014ccab4fc4d13a43a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Wed, 29 Nov 2000 18:12:32 +0000
Subject: Store verify_result with sessions to avoid potential security hole.
 For the server side this was already done one year ago :-(

---
 ssl/ssl_sess.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ssl/ssl_sess.c')

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 416def8908..7064262def 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
 		if (s->session != NULL)
 			SSL_SESSION_free(s->session);
 		s->session=session;
+		s->verify_result = s->session->verify_result;
 		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
 		ret=1;
 		}
-- 
cgit v1.2.3