From 242525372c65d9c92fba970333ceb961abc24ce4 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 18 Jul 2017 16:28:38 +0100
Subject: [PATCH] Remove session checks from SSL_clear()
We now allow a different protocol version when reusing a session so we can unconditionally reset the SSL_METHOD if it has changed.
Reviewed-by: Ben Kaduk
Reviewed-by: Bernd Edlinger
(Merged from https://github.com/openssl/openssl/pull/3954)
---
 ssl/ssl_lib.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d02e2816b4..be15daad86 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -566,12 +566,9 @@ int SSL_clear(SSL *s)
 /*
 * Check to see if we were changed into a different method, if so, revert
- * back. We always do this in TLSv1.3. Below that we only do it if we are
- * not doing session-id reuse.
+ * back.
 */
- if (s->method != s->ctx->method
- && (SSL_IS_TLS13(s)
- || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
+ if (s->method != s->ctx->method) {
 s->method->ssl_free(s);
 s->method = s->ctx->method;
 if (!s->method->ssl_new(s))
--
2.34.1
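Review bot: The simplified condition `if (s->method != s->ctx->method) {` drops the `!ossl_statem_get_in_handshake(s)` guard as well as the `s->session == NULL` test, but the commit message only explains the session part. As a result the `ssl_free()`/`ssl_new()` swap can now run on a connection that is mid-handshake, unless an earlier part of SSL_clear() (outside this hunk) already rules that out. If that is intended, the shortened comment should record it, for example `* back. This no longer depends on s->session or on handshake state.`; if it is not, keep that one guard as `if (s->method != s->ctx->method && !ossl_statem_get_in_handshake(s)) {`. The function body continues past the end of the hunk, so what happens to the already-freed method state after a failed `ssl_new()` cannot be checked from here.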