Commit acfe628b authored by Lutz Jänicke's avatar Lutz Jänicke
Browse files

Make removal from session cache more robust.

parent 182d8435

CHANGES

+7 −1
Original line number Diff line number Diff line
@@ -13,7 +13,13 @@ 
         *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7

         +) applies to 0.9.7 only



  +) Do not store session data into the internal session cache, if it

  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:

     check whether we deal with a copy of a session and do not delete from

     the cache in this case. Problem reported by "Izhar Shoshani Levi"

     <izhar@checkpoint.com>.

     [Lutz Jaenicke]



  *) Do not store session data into the internal session cache, if it

     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP

     flag is set). Proposed by Aslam <aslam@funk.com>.

     [Lutz Jaenicke]

ssl/ssl_sess.c

+2 −2
Original line number Diff line number Diff line
@@ -474,10 +474,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) 
	if ((c != NULL) && (c->session_id_length != 0))

		{

		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);

		r=(SSL_SESSION *)lh_delete(ctx->sessions,c);

		if (r != NULL)

		if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)

			{

			ret=1;

			r=(SSL_SESSION *)lh_delete(ctx->sessions,c);

			SSL_SESSION_list_remove(ctx,c);

			}