projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Always return errors in ssl3_get_client_hello
[openssl.git] / ssl / ssl_sess.c
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 05e4fb9fda27470fe85ff92f0458c668c979eb97..90f92b2d11fa4927e8719a938448f74290408f15 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -328,6 +328,11 @@ int ssl_get_new_session(SSL *s, int session)
                        ss->ssl_version=DTLS1_VERSION;
                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
                        }
+               else if (s->version == DTLS1_2_VERSION)
+                       {
+                       ss->ssl_version=DTLS1_2_VERSION;
+                       ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                       }
                else
                        {
                        SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
@@ -393,32 +398,6 @@ int ssl_get_new_session(SSL *s, int session)
                                return 0;
                                }
                        }
-#ifndef OPENSSL_NO_EC
-               if (s->tlsext_ecpointformatlist)
-                       {
-                       if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
-                       if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
-                               {
-                               SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-                               SSL_SESSION_free(ss);
-                               return 0;
-                               }
-                       ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
-                       memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
-                       }
-               if (s->tlsext_ellipticcurvelist)
-                       {
-                       if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
-                       if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
-                               {
-                               SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-                               SSL_SESSION_free(ss);
-                               return 0;
-                               }
-                       ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
-                       memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
-                       }
-#endif
 #endif
                }
        else
@@ -615,12 +594,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        if (ret != NULL)
                {
                SSL_SESSION_free(ret);
+#ifndef OPENSSL_NO_TLSEXT
                if (!try_session_cache)
                        {
                        /* The session was from a ticket, so we should
                         * issue a ticket for the new session */
                        s->tlsext_ticket_expected = 1;
                        }
+#endif
                }
        if (fatal)
                return -1;
@@ -765,6 +746,8 @@ void SSL_SESSION_free(SSL_SESSION *ss)
        ss->tlsext_ellipticcurvelist_length = 0;
        if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
 #endif /* OPENSSL_NO_EC */
+       if (ss->audit_proof != NULL) OPENSSL_free(ss->audit_proof);
+       ss->audit_proof_length = 0;
 #endif
 #ifndef OPENSSL_NO_PSK
        if (ss->psk_identity_hint != NULL)
@@ -886,6 +869,15 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
        return 1;
        }
 
+#ifndef OPENSSL_NO_TLSEXT
+unsigned char *SSL_SESSION_get_tlsext_authz_server_audit_proof(SSL_SESSION *s, size_t *proof_length)
+       {
+       if (s->audit_proof != NULL)
+               *proof_length = s->audit_proof_length;
+       return s->audit_proof;
+       }
+#endif
+
 long SSL_CTX_set_timeout(SSL_CTX *s, long t)
        {
        long l;
Unnamed repository; edit this file 'description' to name the repository.