From aae3743bf24cd0e14be726c774a0be49ff0459d7 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Fri, 28 Jan 2011 15:32:57 -0800
Subject: [PATCH] stream-ssl: Only set SSL client session once.

Attempting to call SSL_set_session() on every trip through the SSL connection state machine seems like it could cause the session to be re-set to the cached one even after the server has told us which session is actually to be used. In testing, this change didn't make any difference, but it seems seems like the right thing to do.

Bug #4448.
---
 lib/stream-ssl.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 5a67da8f6..f7112c3e1 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -280,6 +280,13 @@ new_ssl_stream(const char *name, int fd, enum session_type type,
     if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) {
         SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
     }
+    if (type == CLIENT) {
+        /* Grab SSL session information from the cache. */
+        SSL_SESSION *session = shash_find_data(&client_sessions, name);
+        if (session && SSL_set_session(ssl, session) != 1) {
+            interpret_queued_ssl_error("SSL_set_session");
+        }
+    }
 
     /* Create and return the ssl_stream. */
     sslv = xmalloc(sizeof *sslv);
@@ -511,15 +518,6 @@ ssl_connect(struct stream *stream)
                              MSG_PEEK);
     }
 
-    /* Grab SSL session information from the cache. */
-    if (sslv->type == CLIENT) {
-        SSL_SESSION *session = shash_find_data(&client_sessions, stream_get_name(stream));
-        if (session) {
-            SSL_set_session(sslv->ssl, session);
-        }
-    }
-
     retval = (sslv->type == CLIENT ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl));
     if (retval != 1) {
-- 
2.43.0
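Review bot: The failure branch in the new block in new_ssl_stream discards the return value of interpret_queued_ssl_error() and goes on to build the stream, so a cached session that OpenSSL rejects is silently dropped and the connection proceeds with a full handshake; a comment should state that this is intended, e.g. `/* Resumption is best-effort: if the cached session is rejected, SSL_connect() falls back to a full handshake. */`. Note also that a resumed session carries the peer-verification result of the connection that created it rather than re-running verification under the policy set by SSL_set_verify() just above, so if client_sessions can be populated from a connection made with verify_peer_cert off or bootstrap_ca_cert set, a later stream with the same name would inherit that weaker check — worth confirming at the point where client_sessions is filled, which is outside this hunk. The lookup key changes from stream_get_name(stream) in the removed ssl_connect block to the name parameter here; if those two strings can differ in form, cache hits would quietly stop. new_ssl_stream's body continues outside the hunk.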