- if (s->sid_ctx_length)
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- else
- /* application should have used SSL[_CTX]_set_session_id_context */
+ /* We've found the session named by the client, but we don't
+ * want to use it in this context. */
+
+ if (s->sid_ctx_length == 0)
+ {
+ /* application should have used SSL[_CTX]_set_session_id_context
+ * -- we could tolerate this and just pretend we never heard
+ * of this session, but then applications could effectively
+ * disable the session cache by accident without anyone noticing */
+