Store verify_result with sessions to avoid potential security hole.

For the server side this was already done one year ago :-(
2000-11-29 16:04:38 +00:00
parent 03a0848922
commit 0dd2254d76
3 changed files with 3 additions and 0 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -508,6 +508,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
 		if (s->session != NULL)
 			SSL_SESSION_free(s->session);
 		s->session=session;
+		s->verify_result = s->session->verify_result;
 		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
 		ret=1;
 		}