author | Kazuki Yamaguchi <k@rhe.jp> | 2017-03-31 22:52:56 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-06-14 23:10:39 +0900 |
commit | 9c894895b7e74a63eabe3188c9c42c068ffb08f4 (patch) | |
tree | 85fb7fef3c89365b78ce54fd29ddcb2dfa7e401b /ssl/ssl_sess.c | |
parent | 5419dadd4bd1f7abbfa23326ca766d2c143f257c (diff) | |
Do not attempt session resumption on initial handshake
A condition was removed by commit 1053a6e2281d ("Implement Server side
of PSK extension parsing", 2017-01-18); presumably it was by accident.
Restore the previous behavior so that the get_session_cb won't be called
with a zero-length session ID.
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- | ssl/ssl_sess.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index b17fcdcb54..10e89ed4fb 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -494,6 +494,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al) goto err; case TICKET_NONE: case TICKET_EMPTY: + if (hello->session_id_len == 0) + goto err; try_session_cache = 1; break; case TICKET_NO_DECRYPT: |
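Review bot: the new `if (hello->session_id_len == 0) goto err;` in the `TICKET_NONE` / `TICKET_EMPTY` case carries no comment, and the commit message says this same condition was already dropped once by accident. Add a one-line comment above it stating that an empty session ID means there is nothing to look up, so get_session_cb must not be called. The diffstat touches only ssl/ssl_sess.c, so a regression test that asserts the callback is never invoked with a zero-length session ID would keep the check from being lost again. The check also jumps to `err` for what is an ordinary non-resumption outcome on an initial handshake; confirm that reaching that label this way is not treated as a fatal failure and does not leave `*al` set to an alert.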