Curl_ssl_getsessionid: fail if no session cache exists

This function might get called for an easy handle for which the session cache hasn't been setup. It now just returns a "miss" in that case. Fixes #7148
curl · May 31, 2021 · 0daeb68 · 0daeb68
1 parent 1c1d9f1
commit 0daeb68
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
@@ -407,8 +407,9 @@ bool Curl_ssl_getsessionid(struct Curl_easy *data,
 
   DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
 
-  if(!SSL_SET_OPTION(primary.sessionid))
-    /* session ID re-use is disabled */
+  if(!SSL_SET_OPTION(primary.sessionid) || !data->state.session)
+    /* session ID re-use is disabled or the session cache has not been
+       setup */
     return TRUE;
 
   /* Lock if shared */