static int ssl_session_num=0;
static STACK *ssl_session_meth=NULL;
+#if 1 /* traditional SSLeay behaviour */
SSL_SESSION *SSL_get_session(SSL *ssl)
{
return(ssl->session);
}
+#else /* suggested change: increase reference counter so that a session
+ * can later be set in a new SSL object.
+ * Objections:
+ * -- the modified function should have a new name (or old
+ * applications, including s_client, leak memory);
+ * -- the locking seems unnecessary given that SSL structures
+ * usually cannot be safely shared between threads anyway. */
+SSL_SESSION *SSL_get_session(SSL *ssl)
+ {
+ SSL_SESSION *sess;
+ /* Need to lock this all up rather than just use CRYPTO_add so that
+ * somebody doesn't free ssl->session between when we check it's
+ * non-null and when we up the reference count. */
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
+ sess = ssl->session;
+ if(sess)
+ sess->references++;
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
+ return(sess);
+ }
+#endif
int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)())
- {
- ssl_session_num++;
- return(CRYPTO_get_ex_new_index(ssl_session_num-1,
+ {
+ ssl_session_num++;
+ return(CRYPTO_get_ex_new_index(ssl_session_num-1,
&ssl_session_meth,
- argl,argp,new_func,dup_func,free_func));
- }
+ argl,argp,new_func,dup_func,free_func));
+ }
int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
{
}
memset(ss,0,sizeof(SSL_SESSION));
+ ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references=1;
ss->timeout=60*5+4; /* 5 minute timeout by default */
ss->time=time(NULL);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
ss->ssl_version=s->version;
+ ss->verify_result = X509_V_OK;
return(1);
}
{
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
- /* don't allow other threads to steal it: */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+ if (ret != NULL)
+ /* don't allow other threads to steal it: */
+ CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
}
if (s->session != NULL)
SSL_SESSION_free(s->session);
s->session=ret;
+ s->verify_result = s->session->verify_result;
return(1);
err: