X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl_sess.c;h=44bc8a377b25d91ea0a44d0ff50387ec59359a3a;hp=f168900dea80bde784019c18a3e8955479eb9edd;hb=e1f02308aeb124168d8a6655e5c822c3b0126260;hpb=739a1eb1961cdc3b1597a040766f3cb359d095f6 diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index f168900dea..44bc8a377b 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -174,7 +174,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } #endif - if(src->ciphers != NULL) { + if (src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; @@ -210,7 +210,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (ticket != 0) { dest->tlsext_tick = OPENSSL_memdup(src->tlsext_tick, src->tlsext_ticklen); - if(dest->tlsext_tick == NULL) + if (dest->tlsext_tick == NULL) goto err; } else { dest->tlsext_tick_lifetime_hint = 0; @@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session) CRYPTO_THREAD_unlock(s->session_ctx->lock); CRYPTO_THREAD_unlock(s->lock); /* Choose a session ID */ + memset(ss->session_id, 0, ss->session_id_length); tmp = ss->session_id_length; if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ @@ -471,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) SSL_SESSION data; size_t local_len; data.ssl_version = s->version; + memset(data.session_id, 0, sizeof(data.session_id)); if (!PACKET_copy_all(session_id, data.session_id, sizeof(data.session_id), &local_len)) { @@ -706,16 +708,16 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) r = lh_SSL_SESSION_delete(ctx->sessions, c); SSL_SESSION_list_remove(ctx, c); } + c->not_resumable = 1; if (lck) CRYPTO_THREAD_unlock(ctx->lock); - if (ret) { - r->not_resumable = 1; - if (ctx->remove_session_cb != NULL) - ctx->remove_session_cb(ctx, r); + if (ret) SSL_SESSION_free(r); - } + + if (ctx->remove_session_cb != NULL) + ctx->remove_session_cb(ctx, c); } else ret = 0; return (ret); @@ -774,28 +776,20 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss) int SSL_set_session(SSL *s, SSL_SESSION *session) { - int ret = 0; - if (session != NULL) { - if (s->ctx->method != s->method) { - if (!SSL_set_ssl_method(s, s->ctx->method)) - return (0); - } + ssl_clear_bad_session(s); + if (s->ctx->method != s->method) { + if (!SSL_set_ssl_method(s, s->ctx->method)) + return 0; + } + if (session != NULL) { SSL_SESSION_up_ref(session); - SSL_SESSION_free(s->session); - s->session = session; - s->verify_result = s->session->verify_result; - ret = 1; - } else { - SSL_SESSION_free(s->session); - s->session = NULL; - if (s->ctx->method != s->method) { - if (!SSL_set_ssl_method(s, s->ctx->method)) - return (0); - } - ret = 1; + s->verify_result = session->verify_result; } - return (ret); + SSL_SESSION_free(s->session); + s->session = session; + + return 1; } long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) @@ -828,6 +822,11 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t) return (t); } +int SSL_SESSION_get_protocol_version(const SSL_SESSION *s) +{ + return s->ssl_version; +} + const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s) { return s->tlsext_hostname; @@ -989,7 +988,7 @@ int ssl_clear_bad_session(SSL *s) if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) && !(SSL_in_init(s) || SSL_in_before(s))) { - SSL_CTX_remove_session(s->ctx, s->session); + SSL_CTX_remove_session(s->session_ctx, s->session); return (1); } else return (0);