Remove sessions from external cache, even if internal cache not used.

If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't removing sessions from the external cache, e.g. if an alert occurs the session is supposed to be automatically removed. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-06-13 11:24:15 +0100
committer: Matt Caswell <matt@openssl.org> 2016-07-19 12:08:49 +0100
commit: e4612d02c53cccd24fa97b08fc01250d1238cca1 (patch)
tree: 60dcaaa62136f24ac1e25a71b53826f4a57be458 /ssl/ssl_sess.c
parent: 941b10bd954f9fb217901e4ad0a31c70972b864d (diff)
download: openssl-e4612d02c53cccd24fa97b08fc01250d1238cca1.tar.gz
1 files changed, 5 insertions, 5 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 41abe44a82..74250c2d13 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -708,16 +708,16 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
             r = lh_SSL_SESSION_delete(ctx->sessions, c);
             SSL_SESSION_list_remove(ctx, c);
         }
+        c->not_resumable = 1;
 
         if (lck)
             CRYPTO_THREAD_unlock(ctx->lock);
 
-        if (ret) {
-            r->not_resumable = 1;
-            if (ctx->remove_session_cb != NULL)
-                ctx->remove_session_cb(ctx, r);
+        if (ret)
             SSL_SESSION_free(r);
-        }
+
+        if (ctx->remove_session_cb != NULL)
+            ctx->remove_session_cb(ctx, c);
     } else
         ret = 0;
     return (ret);
author	Matt Caswell <matt@openssl.org>	2016-06-13 11:24:15 +0100
committer	Matt Caswell <matt@openssl.org>	2016-07-19 12:08:49 +0100
commit	e4612d02c53cccd24fa97b08fc01250d1238cca1 (patch)
tree	60dcaaa62136f24ac1e25a71b53826f4a57be458 /ssl/ssl_sess.c
parent	941b10bd954f9fb217901e4ad0a31c70972b864d (diff)
download	openssl-e4612d02c53cccd24fa97b08fc01250d1238cca1.tar.gz