Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi).
This commit is contained in:
parent
b12540520d
commit
334f1842fc
2 changed files with 10 additions and 8 deletions
4
CHANGES
4
CHANGES
|
@ -43,6 +43,10 @@
|
|||
*) applies to 0.9.6a ... 0.9.6d and 0.9.7
|
||||
+) applies to 0.9.7 only
|
||||
|
||||
*) Fix bug in SSL_clear(): bad sessions were not removed (found by
|
||||
Yoram Zahavi <YoramZ@gilian.com>).
|
||||
[Lutz Jaenicke]
|
||||
|
||||
+) Add and OPENSSL_LOAD_CONF define which will cause
|
||||
OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
|
||||
This allows older applications to transparently support certain
|
||||
|
|
|
@ -136,7 +136,6 @@ OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
|
|||
|
||||
int SSL_clear(SSL *s)
|
||||
{
|
||||
int state;
|
||||
|
||||
if (s->method == NULL)
|
||||
{
|
||||
|
@ -161,9 +160,14 @@ int SSL_clear(SSL *s)
|
|||
}
|
||||
#endif
|
||||
|
||||
state=s->state; /* Keep to check if we throw away the session-id */
|
||||
s->type=0;
|
||||
|
||||
if (ssl_clear_bad_session(s))
|
||||
{
|
||||
SSL_SESSION_free(s->session);
|
||||
s->session=NULL;
|
||||
}
|
||||
|
||||
s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
|
||||
|
||||
s->version=s->method->version;
|
||||
|
@ -182,12 +186,6 @@ int SSL_clear(SSL *s)
|
|||
|
||||
ssl_clear_cipher_ctx(s);
|
||||
|
||||
if (ssl_clear_bad_session(s))
|
||||
{
|
||||
SSL_SESSION_free(s->session);
|
||||
s->session=NULL;
|
||||
}
|
||||
|
||||
s->first_packet=0;
|
||||
|
||||
#if 1
|
||||
|
|
Loading…
Reference in a new issue