wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't remove sessions from the cache during PHA in TLSv1.3

Browse source 
If we issue new tickets due to post-handshake authentication there is no
reason to remove previous tickets from the cache. The code that did that
only removed the last session anyway - so if more than one ticket got
issued then those other tickets are still valid.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6722)
This commit is contained in:
Matt Caswell 2018-07-16 14:57:35 +01:00
parent 57fd517066
commit 84475ccb70
1 changed files with 0 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
ssl/statem/statem_srvr.c
View file

@ -3648,8 +3648,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
*/
if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
int m = s->session_ctx->session_cache_mode;
if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
@ -3657,13 +3655,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
goto err;
}
if (m & SSL_SESS_CACHE_SERVER) {
/*
* Remove the old session from the cache. We carry on if this fails
*/
SSL_CTX_remove_session(s->session_ctx, s->session);
}
SSL_SESSION_free(s->session);
s->session = new_sess;
}