+ s->ctx->stats.sess_cb_hit++;
+
+ /* Increment reference count now if the session callback
+ * asks us to do so (note that if the session structures
+ * returned by the callback are shared between threads,
+ * it must handle the reference count itself [i.e. copy == 0],
+ * or things won't be thread-safe). */
+ if (copy)
+ CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+
+ /* Add the externally cached session to the internal
+ * cache as well if and only if we are supposed to. */
+ if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ /* The following should not return 1, otherwise,
+ * things are very strange */
+ SSL_CTX_add_session(s->ctx,ret);
+ }
+ if (ret == NULL)
+ goto err;
+ }
+
+ /* Now ret is non-NULL, and we own one of its reference counts. */
+
+ if((s->verify_mode&SSL_VERIFY_PEER)
+ && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
+ || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
+ {
+ /* We've found the session named by the client, but we don't
+ * want to use it in this context. */
+
+ if (s->sid_ctx_length == 0)
+ {
+ /* application should have used SSL[_CTX]_set_session_id_context
+ * -- we could tolerate this and just pretend we never heard
+ * of this session, but then applications could effectively
+ * disable the session cache by accident without anyone noticing */
+
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+ fatal = 1;
+ goto err;
+ }
+ else
+ {
+#if 0 /* The client cannot always know when a session is not appropriate,
+ * so we shouldn't generate an error message. */
+
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+ goto err; /* treat like cache miss */