Commit 76dca457 authored by Lutz Jänicke

Backport from 0.9.7:

Make removal from internal session cache more robust and do not store
into internal session cache when it won't be looked up anyway.
parent a5f158fa
+11 −0
@@ -4,6 +4,17 @@

 Changes between 0.9.6c and 0.9.6d  [XX xxx XXXX]

  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
     check whether we deal with a copy of a session and do not delete from
     the cache in this case. Problem reported by "Izhar Shoshani Levi"
     <izhar@checkpoint.com>.
     [Lutz Jaenicke]

  *) Do not store session data into the internal session cache, if it
     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
     flag is set). Proposed by Aslam <aslam@funk.com>.
     [Lutz Jaenicke]

  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
     value is 0.
     [Richard Levitte]
+4 −4
@@ -1472,9 +1472,10 @@ void ssl_update_cache(SSL *s,int mode)
	 * and it would be rather hard to do anyway :-) */
	if (s->session->session_id_length == 0) return;

	if ((s->ctx->session_cache_mode & mode)
		&& (!s->hit)
		&& SSL_CTX_add_session(s->ctx,s->session)
	i=s->ctx->session_cache_mode;
	if ((i & mode) && (!s->hit)
		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
		    || SSL_CTX_add_session(s->ctx,s->session))
		&& (s->ctx->new_session_cb != NULL))
		{
		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -1483,7 +1484,6 @@ void ssl_update_cache(SSL *s,int mode)
		}

	/* auto flush every 255 connections */
	i=s->ctx->session_cache_mode;
	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
		((i & mode) == mode))
		{
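Review bot: The store into the internal cache is now a side effect buried inside the `if` condition of ssl_update_cache(), skipped by short-circuit when SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set, and no comment says so. A comment above the condition would make this visible, for example `/* With NO_INTERNAL_LOOKUP set the session is not added to the internal cache; only new_session_cb receives it */`. With the flag set and no new_session_cb registered the session is kept nowhere, and sessions handed only to the callback are presumably outside the internal cache's timeout and auto-flush handling, so the external cache has to expire them itself; the flag's documentation should state both. The second hunk drops the reload of `i` before the auto-flush test, which is correct only if the lines between the two hunks (not shown here) do not assign to `i`.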
+2 −2
@@ -423,10 +423,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
	if ((c != NULL) && (c->session_id_length != 0))
		{
		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
		r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
		if (r != NULL)
		if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
			{
			ret=1;
			r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
			SSL_SESSION_list_remove(ctx,c);
			}