diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2001-02-23 00:02:56 +0000 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2001-02-23 00:02:56 +0000 |
| commit | f85c9904c65204cbb6d97814ddf23431c31d1509 (patch) | |
| tree | 40d32f66960b8e9806690844fe65ff80b4b25bae /ssl/ssl_sess.c | |
| parent | 48bf4aae24bf1f8fd63067f08ccd5f3ea827f478 (diff) | |
| download | openssl-f85c9904c65204cbb6d97814ddf23431c31d1509.tar.gz | |
Fix an oversight - when checking a potential session ID for conflicts with
an SSL_CTX's session cache, it is necessary to compare the ssl_version at
the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a
matching id/id_length pair and a matching ssl_version). However, the
SSL_SESSION that will result from the current negotiation does not
necessarily have the same ssl version as the "SSL_METHOD" in use by the
SSL_CTX - part of the work in a handshake is to agree on an ssl version!
This is fixed by having the check function accept an SSL pointer rather
than the SSL_CTX it belongs to.
[Thanks to Lutz for illuminating the full extent of my stupidity]
Diffstat (limited to 'ssl/ssl_sess.c')
| -rw-r--r-- | ssl/ssl_sess.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index a5270ce502..5bfc8ccf6a 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -146,7 +146,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id, unsigned int retry = 0; do RAND_pseudo_bytes(id, *id_len); - while(SSL_CTX_has_matching_session_id(ssl->ctx, id, *id_len) && + while(SSL_has_matching_session_id(ssl, id, *id_len) && (++retry < MAX_SESS_ID_ATTEMPTS)); if(retry < MAX_SESS_ID_ATTEMPTS) return 1; @@ -240,7 +240,7 @@ int ssl_get_new_session(SSL *s, int session) else ss->session_id_length = tmp; /* Finally, check for a conflict */ - if(SSL_CTX_has_matching_session_id(s->ctx, ss->session_id, + if(SSL_has_matching_session_id(s, ss->session_id, ss->session_id_length)) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, |