Commit

Remove session checks from SSL_clear()
We now allow a different protocol version when reusing a session so we can
unconditionally reset the SSL_METHOD if it has changed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from #3954)
mattcaswell committed Jul 18, 2017
1 parent e11b6aa commit 2425253
Showing 1 changed file with 2 additions and 5 deletions.
7 changes: 2 additions & 5 deletions ssl/ssl_lib.c
Expand Up @@ -566,12 +566,9 @@ int SSL_clear(SSL *s)

/*
* Check to see if we were changed into a different method, if so, revert
* back. We always do this in TLSv1.3. Below that we only do it if we are
* not doing session-id reuse.
* back.
*/
if (s->method != s->ctx->method
&& (SSL_IS_TLS13(s)
|| (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
if (s->method != s->ctx->method) {
s->method->ssl_free(s);
s->method = s->ctx->method;
if (!s->method->ssl_new(s))
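
Review bot: The new condition `if (s->method != s->ctx->method) {` drops the `!ossl_statem_get_in_handshake(s)` guard together with the `s->session == NULL` check, but the commit message only justifies removing the session check (a reused session may now carry a different protocol version). Please state, in the commit message or in the comment above the test, why it is safe to run `s->method->ssl_free(s)` followed by `ssl_new(s)` when SSL_clear() is reached while the state machine is still in a handshake, or keep that part of the guard if that path is reachable. The shortened comment ("revert back.") also loses the rationale: a sentence noting that the reset is unconditional because a retained `s->session` no longer pins the method would help the next reader who wonders why the old TLSv1.3 special case is gone.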