Majority rules, use session_ctx vs initial_ctx

    s->ext.ocsp.resp = NULL;

    s->ext.ocsp.resp = NULL;

    s->ext.ocsp.resp_len = 0;

    s->ext.ocsp.resp_len = 0;

    SSL_CTX_up_ref(ctx);

    SSL_CTX_up_ref(ctx);

    s->initial_ctx = ctx;

    s->session_ctx = ctx;

#ifndef OPENSSL_NO_EC

#ifndef OPENSSL_NO_EC

    if (ctx->ext.ecpointformats) {

    if (ctx->ext.ecpointformats) {

        s->ext.ecpointformats =

        s->ext.ecpointformats =

    /* Free up if allocated */

    /* Free up if allocated */

    OPENSSL_free(s->ext.hostname);

    OPENSSL_free(s->ext.hostname);

    SSL_CTX_free(s->initial_ctx);

    SSL_CTX_free(s->session_ctx);

#ifndef OPENSSL_NO_EC

#ifndef OPENSSL_NO_EC

    OPENSSL_free(s->ext.ecpointformats);

    OPENSSL_free(s->ext.ecpointformats);

    OPENSSL_free(s->ext.supportedgroups);

    OPENSSL_free(s->ext.supportedgroups);

    if (ssl->ctx == ctx)

    if (ssl->ctx == ctx)

        return ssl->ctx;

        return ssl->ctx;

    if (ctx == NULL)

    if (ctx == NULL)

        ctx = ssl->initial_ctx;

        ctx = ssl->session_ctx;

    new_cert = ssl_cert_dup(ctx->cert);

    new_cert = ssl_cert_dup(ctx->cert);

    if (new_cert == NULL) {

    if (new_cert == NULL) {

        return NULL;

        return NULL;

    /* Have we attempted to find/parse SCTs yet? */

    /* Have we attempted to find/parse SCTs yet? */

    int scts_parsed;

    int scts_parsed;

# endif

# endif

    SSL_CTX *initial_ctx;       /* initial ctx, used to store sessions */

    SSL_CTX *session_ctx;       /* initial ctx, used to store sessions */

# ifndef OPENSSL_NO_NEXTPROTONEG

# endif

# define session_ctx initial_ctx

    /* What we'll do */

    /* What we'll do */

    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;

    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;

    /* What's been chosen */

    /* What's been chosen */

    if (s->ctx != NULL && s->ctx->ext.servername_cb != 0)

    if (s->ctx != NULL && s->ctx->ext.servername_cb != 0)

        ret = s->ctx->ext.servername_cb(s, &altmp,

        ret = s->ctx->ext.servername_cb(s, &altmp,

                                        s->ctx->ext.servername_arg);

                                        s->ctx->ext.servername_arg);

    else if (s->initial_ctx != NULL

    else if (s->session_ctx != NULL

             && s->initial_ctx->ext.servername_cb != 0)

             && s->session_ctx->ext.servername_cb != 0)

        ret = s->initial_ctx->ext.servername_cb(s, &altmp,

        ret = s->session_ctx->ext.servername_cb(s, &altmp,

                                       s->initial_ctx->ext.servername_arg);

                                       s->session_ctx->ext.servername_arg);

    switch (ret) {

    switch (ret) {

    case SSL_TLSEXT_ERR_ALERT_FATAL:

    case SSL_TLSEXT_ERR_ALERT_FATAL:

    int len, slen_full, slen, lenfinal;

    int len, slen_full, slen, lenfinal;

    SSL_SESSION *sess;

    SSL_SESSION *sess;

    unsigned int hlen;

    unsigned int hlen;

    SSL_CTX *tctx = s->initial_ctx;

    SSL_CTX *tctx = s->session_ctx;

    unsigned char iv[EVP_MAX_IV_LENGTH];

    unsigned char iv[EVP_MAX_IV_LENGTH];

    unsigned char key_name[TLSEXT_KEYNAME_LENGTH];

    unsigned char key_name[TLSEXT_KEYNAME_LENGTH];

    int iv_len, al = SSL_AD_INTERNAL_ERROR;

    int iv_len, al = SSL_AD_INTERNAL_ERROR;

    unsigned char tick_hmac[EVP_MAX_MD_SIZE];

    unsigned char tick_hmac[EVP_MAX_MD_SIZE];

    HMAC_CTX *hctx = NULL;

    HMAC_CTX *hctx = NULL;

    EVP_CIPHER_CTX *ctx;

    EVP_CIPHER_CTX *ctx;

    SSL_CTX *tctx = s->initial_ctx;

    SSL_CTX *tctx = s->session_ctx;

    /* Initialize session ticket encryption and HMAC contexts */

    /* Initialize session ticket encryption and HMAC contexts */

    hctx = HMAC_CTX_new();

    hctx = HMAC_CTX_new();