From f023ba2df821d186d73fefda6fa5cafcc5a3ee39 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 15 Mar 2018 21:02:15 +0000
Subject: Don't update the session cache when processing a client certificate
 in TLSv1.3

We should only update the session cache when we issue a NewSessionTicket.
These are issued automatically after processing a client certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
---
 ssl/statem/statem_srvr.c | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'ssl')

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 5542a78e21..c198aa7246 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3608,9 +3608,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
     sk_X509_pop_free(s->session->peer_chain, X509_free);
     s->session->peer_chain = sk;
 
-    if (new_sess != NULL)
-        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
     /*
      * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
      * message
-- 
cgit v1.2.3