Commit 24252537 authored by Matt Caswell

Remove session checks from SSL_clear()



We now allow a different protocol version when reusing a session so we can
unconditionally reset the SSL_METHOD if it has changed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3954)
parent e11b6aa4
+2 −5
@@ -566,12 +566,9 @@ int SSL_clear(SSL *s)

    /*
     * Check to see if we were changed into a different method, if so, revert
     * back. We always do this in TLSv1.3. Below that we only do it if we are
     * not doing session-id reuse.
     * back.
     */
    if (s->method != s->ctx->method
            && (SSL_IS_TLS13(s)
                || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
    if (s->method != s->ctx->method) {
        s->method->ssl_free(s);
        s->method = s->ctx->method;
        if (!s->method->ssl_new(s))
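
Review bot: Dropping `!ossl_statem_get_in_handshake(s)` from the condition is not explained by the commit message, which only justifies removing the `s->session == NULL` test (a reused session may now use a different protocol version). With the new `if (s->method != s->ctx->method)`, the `ssl_free()`/`ssl_new()` pair runs whenever the method differs, including when SSL_clear() is called while the state machine is in a handshake. Please either state in the comment why that is safe or keep the in-handshake guard. The shortened comment ("if so, revert back.") also no longer tells the reader that a retained session is expected to survive the method reset; one sentence saying so would keep the rationale next to the code rather than only in the commit log.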