generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure that the session ID context of an SSL* is updated

Browse Source 
when its SSL_CTX is updated.

From BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Adam Langley
2015-01-05 17:28:33 +01:00
committed by Emilia Kasper
parent 4c52816d35
commit 61aa44ca99
2 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ssl/ssl_lib.c
View File

@@ -3194,6 +3194,21 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
if (ssl->ctx != NULL)
SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx;
/*
* Inherit the session ID context as it is typically set from the
* parent SSL_CTX, and can vary with the CTX.
* Note that per-SSL SSL_set_session_id_context() will not persist
* if called before SSL_set_SSL_CTX.
*/
ssl->sid_ctx_length = ctx->sid_ctx_length;
/*
* Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
* so setter APIs must prevent invalid lengths from entering the system.
*/
OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
return(ssl->ctx);
}