Store verify_result with sessions to avoid potential security hole.

author: Bodo Möller <bodo@openssl.org> 1999-11-16 23:15:41 +0000
committer: Bodo Möller <bodo@openssl.org> 1999-11-16 23:15:41 +0000
commit: b1fe6ca175bdbb51a064c1e5519b21d80804e7c6 (patch)
tree: 10b79bff688db09e68db3edba6872022c4af1459 /ssl/ssl_sess.c
parent: 91895a5938695348ebfb6211325cc6e3e449e955 (diff)
download: openssl-b1fe6ca175bdbb51a064c1e5519b21d80804e7c6.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 4dddf627cd..57ee7eb3c5 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -112,6 +112,7 @@ SSL_SESSION *SSL_SESSION_new(void)
 		}
 	memset(ss,0,sizeof(SSL_SESSION));
 
+	ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
 	ss->references=1;
 	ss->timeout=60*5+4; /* 5 minute timeout by default */
 	ss->time=time(NULL);
@@ -190,6 +191,7 @@ int ssl_get_new_session(SSL *s, int session)
 	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;
 	ss->ssl_version=s->version;
+	ss->verify_result = X509_V_OK;
 
 	return(1);
 	}
@@ -320,6 +322,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	if (s->session != NULL)
 		SSL_SESSION_free(s->session);
 	s->session=ret;
+	s->verify_result = s->session->verify_result;
 	return(1);
 
  err:
author	Bodo Möller <bodo@openssl.org>	1999-11-16 23:15:41 +0000
committer	Bodo Möller <bodo@openssl.org>	1999-11-16 23:15:41 +0000
commit	b1fe6ca175bdbb51a064c1e5519b21d80804e7c6 (patch)
tree	10b79bff688db09e68db3edba6872022c4af1459 /ssl/ssl_sess.c
parent	91895a5938695348ebfb6211325cc6e3e449e955 (diff)
download	openssl-b1fe6ca175bdbb51a064c1e5519b21d80804e7c6.tar.gz