{
unsigned int retry = 0;
do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
+ if (RAND_bytes(id, *id_len) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
else
ss->timeout = s->session_ctx->session_timeout;
- if (s->session != NULL) {
- SSL_SESSION_free(s->session);
- s->session = NULL;
- }
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
if (session) {
if (s->version == SSL3_VERSION) {
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;
+ if (session_id + len > limit) {
+ fatal = 1;
+ goto err;
+ }
+
if (len == 0)
try_session_cache = 0;
*/
if (!
(s->session_ctx->session_cache_mode &
- SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
/*
* The following should not return 1, otherwise, things are
* very strange
*/
- SSL_CTX_add_session(s->session_ctx, ret);
+ if (SSL_CTX_add_session(s->session_ctx, ret))
+ goto err;
+ }
}
}
s->session_ctx->stats.sess_hit++;
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
+ SSL_SESSION_free(s->session);
s->session = ret;
s->verify_result = s->session->verify_result;
return 1;
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
- if (ss->sess_cert != NULL)
- ssl_sess_cert_free(ss->sess_cert);
+ ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL)
X509_free(ss->peer);
if (ss->ciphers != NULL)
/* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */
CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
+ SSL_SESSION_free(s->session);
s->session = session;
s->verify_result = s->session->verify_result;
/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL); */
ret = 1;
} else {
- if (s->session != NULL) {
- SSL_SESSION_free(s->session);
- s->session = NULL;
- }
-
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
meth = s->ctx->method;
if (meth != s->method) {
if (!SSL_set_ssl_method(s, meth))
return (t);
}
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+ return (s->tlsext_ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+ return s->tlsext_tick_lifetime_hint;
+}
+
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick,
+ size_t *len)
+{
+ *len = s->tlsext_ticklen;
+ if (tick != NULL)
+ *tick = s->tlsext_tick;
+}
+
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
{
return s->peer;