Only accept early_data if the negotiated ALPN is the same

[openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index b5bb427a833e94c5d322c9153a8acc1c367f4708..cc9eeadc1282a97fe0a4c0bb20a67aeb297a16eb 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -501,7 +501,6 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
         SSL_SESSION data;
 
         data.ssl_version = s->version;
-        memset(data.session_id, 0, sizeof(data.session_id));
         memcpy(data.session_id, hello->session_id, hello->session_id_len);
         data.session_id_length = hello->session_id_len;
 
@@ -640,9 +639,9 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
     if (fatal) {
         *al = SSL_AD_INTERNAL_ERROR;
         return -1;
-    } else {
-        return 0;
     }
+
+    return 0;
 }
 
 int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
@@ -792,6 +791,7 @@ void SSL_SESSION_free(SSL_SESSION *ss)
 #ifndef OPENSSL_NO_SRP
     OPENSSL_free(ss->srp_username);
 #endif
+    OPENSSL_free(ss->ext.alpn_selected);
     CRYPTO_THREAD_lock_free(ss->lock);
     OPENSSL_clear_free(ss, sizeof(*ss));
 }