Remove session checks from SSL_clear()

We now allow a different protocol version when reusing a session so we can unconditionally reset the SSL_METHOD if it has changed. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)
author: Matt Caswell <matt@openssl.org> 2017-07-18 16:28:38 +0100
committer: Matt Caswell <matt@openssl.org> 2017-07-18 17:35:52 +0100
commit: 242525372c65d9c92fba970333ceb961abc24ce4 (patch)
tree: b62bf132cbd220a54e7e2e91e0767177e15011ed /ssl
parent: e11b6aa4c93ea89dc600cbcda96c6a2ab05c1b23 (diff)
download: openssl-242525372c65d9c92fba970333ceb961abc24ce4.tar.gz
1 files changed, 2 insertions, 5 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d02e2816b4..be15daad86 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -566,12 +566,9 @@ int SSL_clear(SSL *s)
 
     /*
      * Check to see if we were changed into a different method, if so, revert
-     * back. We always do this in TLSv1.3. Below that we only do it if we are
-     * not doing session-id reuse.
+     * back.
      */
-    if (s->method != s->ctx->method
-            && (SSL_IS_TLS13(s)
-                || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
+    if (s->method != s->ctx->method) {
         s->method->ssl_free(s);
         s->method = s->ctx->method;
         if (!s->method->ssl_new(s))
author	Matt Caswell <matt@openssl.org>	2017-07-18 16:28:38 +0100
committer	Matt Caswell <matt@openssl.org>	2017-07-18 17:35:52 +0100
commit	242525372c65d9c92fba970333ceb961abc24ce4 (patch)
tree	b62bf132cbd220a54e7e2e91e0767177e15011ed /ssl
parent	e11b6aa4c93ea89dc600cbcda96c6a2ab05c1b23 (diff)
download	openssl-242525372c65d9c92fba970333ceb961abc24ce4.tar.gz