projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 284d19c) | patch
Don't write the tick_identity to the session
authorMatt Caswell <matt@openssl.org>
Fri, 1 Mar 2019 15:40:20 +0000 (15:40 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 5 Mar 2019 14:23:36 +0000 (14:23 +0000)
commitc96ce52ce293785b54a42d119c457aef739cc2ce
tree6c3a2bf1228eeb93c046b025f9eac40573a81385tree | snapshot
parent284d19c2ced0264bd46de61718aa4a60efa8d175commit | diff
Don't write the tick_identity to the session

Sessions must be immutable once they can be shared with multiple threads.
We were breaking that rule by writing the ticket index into it during the
handshake. This can lead to incorrect behaviour, including failed
connections in multi-threaded environments.

Reported by David Benjamin.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8383)
ssl/ssl_locl.h diff | blob | history
ssl/statem/extensions.c diff | blob | history
ssl/statem/extensions_clnt.c diff | blob | history
ssl/statem/extensions_srvr.c diff | blob | history
ssl/statem/statem_clnt.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.