Do not lookup zero-length session ID
A condition was removed by commit 1053a6e2281d; presumably it was an unintended change. Restore the previous behavior so the get_session_cb won't be called with zero-length session ID. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4236)
This commit is contained in:
parent
0139ce7c92
commit
0afca8113e
2 changed files with 22 additions and 9 deletions
|
@ -491,6 +491,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
|
|||
goto err;
|
||||
case TICKET_NONE:
|
||||
case TICKET_EMPTY:
|
||||
if (hello->session_id_len > 0)
|
||||
try_session_cache = 1;
|
||||
break;
|
||||
case TICKET_NO_DECRYPT:
|
||||
|
|
|
@ -757,7 +757,7 @@ static int test_tlsext_status_type(void)
|
|||
}
|
||||
#endif
|
||||
|
||||
static int new_called = 0, remove_called = 0;
|
||||
static int new_called, remove_called, get_called;
|
||||
|
||||
static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
|
||||
{
|
||||
|
@ -780,6 +780,7 @@ static SSL_SESSION *get_sess_val = NULL;
|
|||
static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
|
||||
int *copy)
|
||||
{
|
||||
get_called++;
|
||||
*copy = 1;
|
||||
return get_sess_val;
|
||||
}
|
||||
|
@ -969,7 +970,7 @@ static int execute_test_session(int maxprot, int use_int_cache,
|
|||
|
||||
SSL_CTX_set_max_proto_version(sctx, maxprot);
|
||||
SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
|
||||
new_called = remove_called = 0;
|
||||
new_called = remove_called = get_called = 0;
|
||||
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
|
||||
NULL, NULL))
|
||||
|| !TEST_true(create_ssl_connection(serverssl1, clientssl1,
|
||||
|
@ -985,7 +986,9 @@ static int execute_test_session(int maxprot, int use_int_cache,
|
|||
if (use_ext_cache) {
|
||||
SSL_SESSION *tmp = sess2;
|
||||
|
||||
if (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0))
|
||||
if (!TEST_int_eq(new_called, 1)
|
||||
|| !TEST_int_eq(remove_called, 0)
|
||||
|| !TEST_int_eq(get_called, 0))
|
||||
goto end;
|
||||
/*
|
||||
* Delete the session from the internal cache to force a lookup from
|
||||
|
@ -1001,7 +1004,7 @@ static int execute_test_session(int maxprot, int use_int_cache,
|
|||
sess2 = tmp;
|
||||
}
|
||||
|
||||
new_called = remove_called = 0;
|
||||
new_called = remove_called = get_called = 0;
|
||||
get_sess_val = sess2;
|
||||
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
|
||||
&clientssl2, NULL, NULL))
|
||||
|
@ -1011,11 +1014,20 @@ static int execute_test_session(int maxprot, int use_int_cache,
|
|||
|| !TEST_true(SSL_session_reused(clientssl2)))
|
||||
goto end;
|
||||
|
||||
if (use_ext_cache
|
||||
&& (!TEST_int_eq(new_called, 0)
|
||||
|| !TEST_int_eq(remove_called, 0)))
|
||||
if (use_ext_cache) {
|
||||
if (!TEST_int_eq(new_called, 0)
|
||||
|| !TEST_int_eq(remove_called, 0))
|
||||
goto end;
|
||||
|
||||
if (maxprot == TLS1_3_VERSION) {
|
||||
if (!TEST_int_eq(get_called, 0))
|
||||
goto end;
|
||||
} else {
|
||||
if (!TEST_int_eq(get_called, 1))
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
testresult = 1;
|
||||
|
||||
end:
|
||||
|
|
Loading…
Reference in a new issue