generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't attempt session resumption if no ticket is present and session

Browse Source 
ID length is zero.
This commit is contained in:
Dr. Stephen Henson
2009-10-28 19:53:10 +00:00
parent 452e41562c
commit e6e11f4ec3
2 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
apps/s_server.c
View File

@@ -771,6 +771,7 @@ int MAIN(int argc, char *argv[])
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
X509 *s_cert = NULL, *s_dcert = NULL; X509 *s_cert = NULL, *s_dcert = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL;
int no_cache = 0;
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
EVP_PKEY *s_key2 = NULL; EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL; X509 *s_cert2 = NULL;
@@ -910,6 +911,8 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
CApath= *(++argv); CApath= *(++argv);
} }
else if (strcmp(*argv,"-no_cache") == 0)
no_cache = 1;
else if (strcmp(*argv,"-crl_check") == 0) else if (strcmp(*argv,"-crl_check") == 0)
{ {
vflags |= X509_V_FLAG_CRL_CHECK; vflags |= X509_V_FLAG_CRL_CHECK;
@@ -1252,7 +1255,9 @@ bad:
if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx,128); SSL_CTX_sess_set_cache_size(ctx,128);
#if 0 #if 0
@@ -1320,6 +1325,9 @@ bad:
if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback); if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
if (no_cache)
SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
else
SSL_CTX_sess_set_cache_size(ctx2,128); SSL_CTX_sess_set_cache_size(ctx2,128);
if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||

12
ssl/s3_clnt.c
View File

@@ -594,9 +594,15 @@ int ssl3_client_hello(SSL *s)
buf=(unsigned char *)s->init_buf->data; buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL3_ST_CW_CLNT_HELLO_A) if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
{ {
if ((s->session == NULL) || SSL_SESSION *sess = s->session;
(s->session->ssl_version != s->version) || if ((sess == NULL) ||
(s->session->not_resumable)) (sess->ssl_version != s->version) ||
#ifdef OPENSSL_NO_TLSEXT
!sess->session_id_length ||
#else
(!sess->session_id_length && !sess->tlsext_tick) ||
#endif
(sess->not_resumable))
{ {
if (!ssl_get_new_session(s,0)) if (!ssl_get_new_session(s,0))
goto err; goto err;