Remove session checks from SSL_clear()
author Matt Caswell <matt@openssl.org>
Tue, 18 Jul 2017 15:28:38 +0000 (16:28 +0100)
committer Matt Caswell <matt@openssl.org>
Tue, 18 Jul 2017 16:35:52 +0000 (17:35 +0100)
We now allow a different protocol version when reusing a session so we can
unconditionally reset the SSL_METHOD if it has changed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3954)

ssl/ssl_lib.c

index d02e281..be15daa 100644 (file)
@@ -566,12 +566,9 @@ int SSL_clear(SSL *s)
 
     /*
      * Check to see if we were changed into a different method, if so, revert
-     * back. We always do this in TLSv1.3. Below that we only do it if we are
-     * not doing session-id reuse.
+     * back.
      */
-    if (s->method != s->ctx->method
-            && (SSL_IS_TLS13(s)
-                || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
+    if (s->method != s->ctx->method) {
         s->method->ssl_free(s);
         s->method = s->ctx->method;
         if (!s->method->ssl_new(s))
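
Review bot: The new condition `if (s->method != s->ctx->method)` drops the `!ossl_statem_get_in_handshake(s)` guard along with the `s->session == NULL` test, but the commit message only justifies removing the session test (a reused session may now use a different protocol version). Please say, in the commit message or in the shortened comment, why it is safe to call `s->method->ssl_free(s)` and then `ssl_new(s)` when SSL_clear() runs while a handshake is in progress, or keep that part of the guard. The comment would also read better if it named what "revert back" resets to, which per the code below it is `s->ctx->method`.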