Commit 1f156321 authored by Matt Caswell's avatar Matt Caswell
Browse files

Restore behaviour from commit 36ff232c that was incorrectly removed 



In TLSv1.2 and below we should remove an old session from the client
session cache in the event that we receive a new session ticket from the
server.

Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6601)
parent c36b39b5

ssl/statem/statem_clnt.c

+11 −0
Original line number Diff line number Diff line
@@ -2591,6 +2591,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) 
     */

    if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) {

        SSL_SESSION *new_sess;



        /*

         * We reused an existing session, so we need to replace it with a new

         * one
@@ -2602,6 +2603,16 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) 
            goto err;

        }



        if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0

                && !SSL_IS_TLS13(s)) {

            /*

             * In TLSv1.2 and below the arrival of a new tickets signals that

             * any old ticket we were using is now out of date, so we remove the

             * old session from the cache. We carry on if this fails

             */

            SSL_CTX_remove_session(s->session_ctx, s->session);

        }



        SSL_SESSION_free(s->session);

        s->session = new_sess;

    }