Additional, more descriptive error message for rejection of a session ID

because of missing session ID context (so that application programmers
are directly pointed to what they should do differently).

1 files changed, 5 insertions, 1 deletions

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 259725c7a1..cac408c38e 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -225,7 +225,11 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	   && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
 	       || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
 	    {
-	    SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+		if (s->sid_ctx_length)
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+		else
+			/* application should have used SSL[_CTX]_set_session_id_context */
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
 	    return 0;
 	    }