If there is already a session set inside B<ssl> (because it was set with
SSL_set_session() before or because the same B<ssl> was already used for
-a connection), SSL_SESSION_free() will be called for that session. If that old
+a connection), SSL_SESSION_free() will be called for that session.
+This is also the case when B<session> is a NULL pointer. If that old
session is still B<open>, it is considered bad and will be removed from the
session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was
not called for the connection (or at least L<SSL_set_shutdown(3)> was used to
=head1 SEE ALSO
-L<ssl(3)>, L<SSL_SESSION_free(3)>,
+L<ssl(7)>, L<SSL_SESSION_free(3)>,
L<SSL_get_session(3)>,
L<SSL_session_reused(3)>,
L<SSL_CTX_set_session_cache_mode(3)>
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.