Allow different protocol version when trying to reuse a session
We now send the highest version supported by the client, even if the session uses an older version. This fixes 2 problems: - When you try to reuse a session but the other side doesn't reuse it and uses a different protocol version, the connection will fail. - When you're trying to reuse a session with an old version, you might be stuck trying to reuse the old version while both sides support a newer version. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> GH: #852, MR: #2452
committed by
Kurt Roeckx
parent
ce84456ddf
commit
ccae4a1582
@@ -872,19 +872,9 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss)
|
||||
int SSL_set_session(SSL *s, SSL_SESSION *session)
|
||||
{
|
||||
int ret = 0;
|
||||
const SSL_METHOD *meth;
|
||||
|
||||
if (session != NULL) {
|
||||
meth = s->ctx->method->get_ssl_method(session->ssl_version);
|
||||
if (meth == NULL)
|
||||
meth = s->method->get_ssl_method(session->ssl_version);
|
||||
if (meth == NULL) {
|
||||
SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (meth != s->method) {
|
||||
if (!SSL_set_ssl_method(s, meth))
|
||||
if (s->ctx->method != s->method) {
|
||||
if (!SSL_set_ssl_method(s, s->ctx->method))
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -896,9 +886,8 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
|
||||
} else {
|
||||
SSL_SESSION_free(s->session);
|
||||
s->session = NULL;
|
||||
meth = s->ctx->method;
|
||||
if (meth != s->method) {
|
||||
if (!SSL_set_ssl_method(s, meth))
|
||||
if (s->ctx->method != s->method) {
|
||||
if (!SSL_set_ssl_method(s, s->ctx->method))
|
||||
return (0);
|
||||
}
|
||||
ret = 1;
|
||||
|
||||
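Review bot: SSL_set_session no longer looks at session->ssl_version in the `session != NULL` branch, so the SSL_R_UNABLE_TO_FIND_SSL_METHOD failure is gone and a session whose protocol version this SSL cannot negotiate is now accepted at this point. The safety check therefore has to happen in the handshake: when the peer actually resumes the session, the negotiated version must be compared with session->ssl_version and a mismatch rejected; that code is not visible in these hunks and should be confirmed, ideally with a test that resumes across a version change. I would record the dependency next to the new test, e.g. `/* session->ssl_version is not validated here; the handshake must reject a resumed session whose version differs from the negotiated one */`. Both branches now also reset any per-connection method set with SSL_set_ssl_method() back to s->ctx->method, which deserves a sentence in the function's documentation. The function body continues between and after the two hunks.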