diff options
author | Matt Caswell <matt@openssl.org> | 2017-07-18 16:28:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-07-18 17:35:52 +0100 |
commit | 242525372c65d9c92fba970333ceb961abc24ce4 (patch) | |
tree | b62bf132cbd220a54e7e2e91e0767177e15011ed /ssl | |
parent | e11b6aa4c93ea89dc600cbcda96c6a2ab05c1b23 (diff) | |
download | openssl-242525372c65d9c92fba970333ceb961abc24ce4.tar.gz |
Remove session checks from SSL_clear()
We now allow a different protocol version when reusing a session so we can
unconditionally reset the SSL_METHOD if it has changed.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3954)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d02e2816b4..be15daad86 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -566,12 +566,9 @@ int SSL_clear(SSL *s) /* * Check to see if we were changed into a different method, if so, revert - * back. We always do this in TLSv1.3. Below that we only do it if we are - * not doing session-id reuse. + * back. */ - if (s->method != s->ctx->method - && (SSL_IS_TLS13(s) - || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) { + if (s->method != s->ctx->method) { s->method->ssl_free(s); s->method = s->ctx->method; if (!s->method->ssl_new(s)) |