Bugfix: In ssl3_accept, don't use a local variable 'got_new_session'

to indicate that a real handshake is taking place (the value will be lost during multiple invocations). Set s->new_session to 2 instead.
2002-01-14 23:42:47 +00:00
parent 5f18fe493e
commit 19fa8cfe5a
5 changed files with 128 additions and 5 deletions
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -167,7 +167,6 @@ int ssl3_accept(SSL *s)
 	long num1;
 	int ret= -1;
 	int new_state,state,skip=0;
-	int got_new_session=0;

 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@@ -280,7 +279,7 @@ int ssl3_accept(SSL *s)
 			s->shutdown=0;
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
-			got_new_session=1;
+			s->new_session = 2;
 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
 			s->init_num=0;
 			break;
@@ -513,7 +512,7 @@ int ssl3_accept(SSL *s)

 			s->init_num=0;

-			if (got_new_session) /* skipped if we just sent a HelloRequest */
+			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
 				{
 				/* actually not necessarily a 'new' session  */