author | Kazuki Yamaguchi <k@rhe.jp> | 2017-03-31 22:52:56 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-08-24 00:52:55 +0900 |
commit | 3fd19b3da6aad51837c31e2840686a10eef85e77 (patch) | |
tree | 36964099c08e85612e0968c86dbf3f5e001661bc | |
parent | 9d951a7872e5fa2b2a83fe8cfda3af5c52581172 (diff) | |
Do not lookup zero-length session ID (ky/ssl-fix-get-session-cb)
A condition was removed by commit 1053a6e2281d; presumably it was an
unintended change. Restore the previous behavior so the get_session_cb
won't be called with zero-length session ID.
-rw-r--r-- | ssl/ssl_sess.c | 3 | ||||
-rw-r--r-- | test/sslapitest.c | 28 |
2 files changed, 22 insertions, 9 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 7336251210..efba7077ae 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -491,7 +491,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) goto err; case TICKET_NONE: case TICKET_EMPTY: - try_session_cache = 1; + if (hello->session_id_len > 0) + try_session_cache = 1; break; case TICKET_NO_DECRYPT: case TICKET_SUCCESS: diff --git a/test/sslapitest.c b/test/sslapitest.c index 622f159f1a..4a9c075375 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -757,7 +757,7 @@ static int test_tlsext_status_type(void) } #endif -static int new_called = 0, remove_called = 0; +static int new_called, remove_called, get_called; static int new_session_cb(SSL *ssl, SSL_SESSION *sess) { @@ -780,6 +780,7 @@ static SSL_SESSION *get_sess_val = NULL; static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len, int *copy) { + get_called++; *copy = 1; return get_sess_val; } @@ -969,7 +970,7 @@ static int execute_test_session(int maxprot, int use_int_cache, SSL_CTX_set_max_proto_version(sctx, maxprot); SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); - new_called = remove_called = 0; + new_called = remove_called = get_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, NULL)) || !TEST_true(create_ssl_connection(serverssl1, clientssl1, @@ -985,7 +986,9 @@ static int execute_test_session(int maxprot, int use_int_cache, if (use_ext_cache) { SSL_SESSION *tmp = sess2; - if (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0)) + if (!TEST_int_eq(new_called, 1) + || !TEST_int_eq(remove_called, 0) + || !TEST_int_eq(get_called, 0)) goto end; /* * Delete the session from the internal cache to force a lookup from 
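Review bot: The restored `hello->session_id_len > 0` guard in the `TICKET_NONE`/`TICKET_EMPTY` case has no comment, and according to the commit message this same condition was already dropped once by accident. I would add above it `/* An empty session ID identifies no session: skip the cache lookup so get_session_cb is never asked to resolve it. */`. This matters to applications whose external cache callback uses the ID as a lookup key and may not expect a zero-length one. ssl_get_prev_session starts and ends outside this hunk, so what happens when `try_session_cache` stays 0 is not visible here.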
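Review bot: get_session_cb in test/sslapitest.c now counts calls but still ignores `id` and `len`, so the test infers the absence of an empty-ID lookup only from the call count. Recording the length directly would pin the property the commit message states, for example `if (len == 0) get_called_empty++;` in the callback with a matching `TEST_int_eq(get_called_empty, 0)` next to the existing `get_called` checks in execute_test_session. `get_called_empty` is a name constructed for this note, not one from the file.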
@@ -1001,7 +1004,7 @@ static int execute_test_session(int maxprot, int use_int_cache, sess2 = tmp; } - new_called = remove_called = 0; + new_called = remove_called = get_called = 0; get_sess_val = sess2; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2, &clientssl2, NULL, NULL)) @@ -1011,10 +1014,19 @@ static int execute_test_session(int maxprot, int use_int_cache, || !TEST_true(SSL_session_reused(clientssl2))) goto end; - if (use_ext_cache - && (!TEST_int_eq(new_called, 0) - || !TEST_int_eq(remove_called, 0))) - goto end; + if (use_ext_cache) { + if (!TEST_int_eq(new_called, 0) + || !TEST_int_eq(remove_called, 0)) + goto end; + + if (maxprot == TLS1_3_VERSION) { + if (!TEST_int_eq(get_called, 0)) + goto end; + } else { + if (!TEST_int_eq(get_called, 1)) + goto end; + } + } testresult = 1; |
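Review bot: The expectation in the last hunk of execute_test_session that `get_called` is 0 for `TLS1_3_VERSION` and 1 otherwise is not explained, so a reader cannot tell whether the TLS 1.3 value is intended behaviour or a gap in coverage. A short comment stating why no external-cache lookup is expected for TLS 1.3 here would help; presumably resumption in that protocol version does not go through the session-ID lookup, but the hunk does not show that. The nested if/else could also be a single check: `if (!TEST_int_eq(get_called, maxprot == TLS1_3_VERSION ? 0 : 1)) goto end;`. The function body continues outside the hunk.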