Comment about bug.

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 29e6cc16ce4be23e726bd00878b318843dd468db..e918d9854f19a82a2265de1c088c89f23cdb3cc8 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -168,6 +168,8 @@ int ssl_get_new_session(SSL *s, int session)
                        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
                        if (r == NULL) break;
                        /* else - woops a session_id match */
+                       /* XXX should also check external cache!
+                        * (But the probability of a collision is negligible, anyway...) */
                        }
                }
        else