If there is already a session set inside B<ssl> (because it was set with
SSL_set_session() before or because the same B<ssl> was already used for
-a connection), SSL_SESSION_free() will be called for that session. If that old
+a connection), SSL_SESSION_free() will be called for that session.
+This is also the case when B<session> is a NULL pointer. If that old
session is still B<open>, it is considered bad and will be removed from the
session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was
not called for the connection (or at least L<SSL_set_shutdown(3)> was used to