wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't attempt session resumption if no ticket is present and session

Browse source 
ID length is zero.
This commit is contained in:
Dr. Stephen Henson 2009-10-28 19:53:10 +00:00
parent 452e41562c
commit e6e11f4ec3
2 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
apps/s_server.c
View file

@ -771,6 +771,7 @@ int MAIN(int argc, char *argv[])
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
X509 *s_cert = NULL, *s_dcert = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
int no_cache = 0;
#ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
@ -910,6 +911,8 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
CApath= *(++argv);
}
else if (strcmp(*argv,"-no_cache") == 0)
no_cache = 1;
else if (strcmp(*argv,"-crl_check") == 0)
{
vflags |= X509_V_FLAG_CRL_CHECK;
@ -1252,8 +1255,10 @@ bad:
if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
SSL_CTX_sess_set_cache_size(ctx,128);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx,128);
#if 0
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@ -1320,7 +1325,10 @@ bad:
if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
SSL_CTX_sess_set_cache_size(ctx2,128);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx2,128);
if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx2)))

12
ssl/s3_clnt.c
View file

@ -594,9 +594,15 @@ int ssl3_client_hello(SSL *s)
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
{
if ((s->session == NULL) ||
(s->session->ssl_version != s->version) ||
(s->session->not_resumable))
SSL_SESSION *sess = s->session;
if ((sess == NULL) ||
(sess->ssl_version != s->version) ||
#ifdef OPENSSL_NO_TLSEXT
!sess->session_id_length ||
#else
(!sess->session_id_length && !sess->tlsext_tick) ||
#endif
(sess->not_resumable))
{
if (!ssl_get_new_session(s,0))
goto err;