diff options
author | Geoff Thorpe <geoff@openssl.org> | 2001-02-23 00:02:56 +0000 |
---|---|---|
committer | Geoff Thorpe <geoff@openssl.org> | 2001-02-23 00:02:56 +0000 |
commit | f85c9904c65204cbb6d97814ddf23431c31d1509 (patch) | |
tree | 40d32f66960b8e9806690844fe65ff80b4b25bae /ssl/ssl.h | |
parent | 48bf4aae24bf1f8fd63067f08ccd5f3ea827f478 (diff) | |
download | openssl-f85c9904c65204cbb6d97814ddf23431c31d1509.tar.gz |
Fix an oversight - when checking a potential session ID for conflicts with
an SSL_CTX's session cache, it is necessary to compare the ssl_version at
the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a
matching id/id_length pair and a matching ssl_version). However, the
SSL_SESSION that will result from the current negotiation does not
necessarily have the same ssl version as the "SSL_METHOD" in use by the
SSL_CTX - part of the work in a handshake is to agree on an ssl version!
This is fixed by having the check function accept an SSL pointer rather
than the SSL_CTX it belongs to.
[Thanks to Lutz for illuminating the full extent of my stupidity]
Diffstat (limited to 'ssl/ssl.h')
-rw-r--r-- | ssl/ssl.h | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -391,7 +391,7 @@ typedef struct ssl_session_st * callbacks should themselves check if the id they generate is unique otherwise * the SSL handshake will fail with an error - callbacks can do this using the * 'ssl' value they're passed by; - * SSL_CTX_has_matching_session_id(ssl->ctx, id, *id_len) + * SSL_has_matching_session_id(ssl, id, *id_len) * The length value passed in is set at the maximum size the session ID can be. * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback * can alter this length to be less if desired, but under SSLv2 session IDs are @@ -1054,7 +1054,7 @@ int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); -int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id, +int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, unsigned int id_len); SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); |