- if (s->version == SSL3_VERSION) {
- ss->ssl_version = SSL3_VERSION;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- } else if (s->version == TLS1_VERSION) {
- ss->ssl_version = TLS1_VERSION;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- } else if (s->version == TLS1_1_VERSION) {
- ss->ssl_version = TLS1_1_VERSION;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- } else if (s->version == TLS1_2_VERSION) {
- ss->ssl_version = TLS1_2_VERSION;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- } else if (s->version == DTLS1_BAD_VER) {
- ss->ssl_version = DTLS1_BAD_VER;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- } else if (s->version == DTLS1_VERSION) {
- ss->ssl_version = DTLS1_VERSION;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- } else if (s->version == DTLS1_2_VERSION) {
- ss->ssl_version = DTLS1_2_VERSION;
- ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- } else {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
- SSL_SESSION_free(ss);
- return (0);
- }
-
- /*-
- * If RFC5077 ticket, use empty session ID (as server).
- * Note that:
- * (a) ssl_get_prev_session() does lookahead into the
- * ClientHello extensions to find the session ticket.
- * When ssl_get_prev_session() fails, statem_srvr.c calls
- * ssl_get_new_session() in tls_process_client_hello().
- * At that point, it has not yet parsed the extensions,
- * however, because of the lookahead, it already knows
- * whether a ticket is expected or not.
- *
- * (b) statem_clnt.c calls ssl_get_new_session() before parsing
- * ServerHello extensions, and before recording the session
- * ID received from the server, so this block is a noop.
- */
- if (s->tlsext_ticket_expected) {
- ss->session_id_length = 0;
- goto sess_id_done;
- }
-
- /* Choose which callback will set the session ID */
- CRYPTO_THREAD_read_lock(s->lock);
- CRYPTO_THREAD_read_lock(s->session_ctx->lock);
- if (s->generate_session_id)
- cb = s->generate_session_id;
- else if (s->session_ctx->generate_session_id)
- cb = s->session_ctx->generate_session_id;
- CRYPTO_THREAD_unlock(s->session_ctx->lock);
- CRYPTO_THREAD_unlock(s->lock);
- /* Choose a session ID */
- tmp = ss->session_id_length;
- if (!cb(s, ss->session_id, &tmp)) {
- /* The callback failed */
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
- SSL_SESSION_free(ss);
- return (0);
- }
- /*
- * Don't allow the callback to set the session length to zero. nor
- * set it higher than it was.
- */
- if (tmp == 0 || tmp > ss->session_id_length) {
- /* The callback set an illegal length */
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);