#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
+#include "internal/cryptlib.h"
const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
/*
* Check to see if we were changed into a different method, if so, revert
- * back. We always do this in TLSv1.3. Below that we only do it if we are
- * not doing session-id reuse.
+ * back.
*/
- if (s->method != s->ctx->method
- && (SSL_IS_TLS13(s)
- || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
+ if (s->method != s->ctx->method) {
s->method->ssl_free(s);
s->method = s->ctx->method;
if (!s->method->ssl_new(s))
return;
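Review bot: With the handshake and session conditions dropped, `s->method->ssl_free(s)` now runs whenever the method differs from the context's, and the shortened comment no longer says why that is safe while a handshake is in progress or a session is attached. The comment should name what guarantees this, or state the restriction on callers, for example `* back. This is done unconditionally, including when a session is being reused.` The `ssl_new` failure path is also reachable in more states now, after the old method's state has already been freed, so it is worth confirming that callers treat that failure as fatal for the object. The enclosing function starts and ends outside the hunk.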
i = s->session_ctx->session_cache_mode;
- if ((i & mode) && (!s->hit)
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+ if ((i & mode) != 0
+ && (!s->hit || SSL_IS_TLS13(s))
+ && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0
|| SSL_CTX_add_session(s->session_ctx, s->session))
- && (s->session_ctx->new_session_cb != NULL)) {
+ && s->session_ctx->new_session_cb != NULL) {
SSL_SESSION_up_ref(s->session);
if (!s->session_ctx->new_session_cb(s, s->session))
SSL_SESSION_free(s->session);
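Review bot: The added `(!s->hit || SSL_IS_TLS13(s))` clause lets a resumed TLSv1.3 connection reach `SSL_CTX_add_session()` and `new_session_cb`, and nothing in the hunk says why the hit check is bypassed for that version. A short comment above the condition would help, for example `/* In TLSv1.3 a resumption can still yield a session that must be cached, so do not skip on a hit */`, with the wording confirmed against the ticket-handling code, which is outside this hunk. On the same path the return value of `SSL_SESSION_up_ref(s->session)` is ignored. If taking the reference ever fails, the `SSL_SESSION_free()` on callback refusal would drop a reference the connection still relies on, so the result should be checked before invoking the callback. The enclosing function starts and ends outside the hunk.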
s->method->ssl_renegotiate_check(s, 0);
+ if (SSL_is_server(s)) {
+ /* clear SNI settings at server-side */
+ OPENSSL_free(s->ext.hostname);
+ s->ext.hostname = NULL;
+ }
+
if (SSL_in_init(s) || SSL_in_before(s)) {
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
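Review bot: The new SNI reset sits above the `SSL_in_init(s) || SSL_in_before(s)` test, so it runs on every server-side call into this function, not only when a fresh handshake begins. If a non-blocking or async server re-enters here after the ClientHello has been parsed, `s->ext.hostname` would be freed and set to NULL mid-handshake, and any later reader of that field (outside this hunk, so unconfirmed) would see no server name. Restricting the reset to the start of a handshake, e.g. `if (SSL_is_server(s) && SSL_in_before(s)) {`, still discards a stale name without touching one that was just received. The function body continues past the end of the hunk.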
return 0;
}
+int SSL_free_buffers(SSL *ssl)
+{
+ RECORD_LAYER *rl = &ssl->rlayer;
+
+ if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
+ return 0;
+
+ RECORD_LAYER_release(rl);
+ return 1;
+}
+
+int SSL_alloc_buffers(SSL *ssl)
+{
+ return ssl3_setup_buffers(ssl);
+}
+
void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
{
ctx->keylog_callback = cb;
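Review bot: `SSL_free_buffers()` releases the record layer buffers guarded only by `RECORD_LAYER_read_pending(rl)` and `RECORD_LAYER_write_pending(rl)`, and the hunk does not show whether those checks also cover a partially received record or one still being processed. If they do not, `RECORD_LAYER_release(rl)` could free memory the record layer still points into, so that should be confirmed and the precondition stated in a comment. Both new public functions also lack a header comment. `SSL_free_buffers` could carry `/* Returns 1 if the buffers were released, 0 if data is still pending */`, and `SSL_alloc_buffers` a line saying it returns the result of `ssl3_setup_buffers()`. Neither function checks `ssl` for NULL, which is acceptable only if it matches the rest of this API.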