Additional, more descriptive error message for rejection of a session ID

because of missing session ID context (so that application programmers
are directly pointed to what they should do differently).

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 1df253cd28dc8e7e82d08d1c2f5592d59589e8c6..8983cf97fa600ffe9bf76e5e9d91733179f62da4 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1365,6 +1365,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                  217
 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                218
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED          277
 #define SSL_R_SHORT_READ                                219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE     220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE              221

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 358abef1e6fe2691a3df930c20096d0b7c2a5705..3ddc805b537067cb2445b0210486900972626882 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -318,6 +318,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
 {SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
 {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO        ,"reuse cipher list not zero"},
+{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED  ,"session id context uninitialized"},
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
 {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 259725c7a10f10ec1fb74f63e21f56f46f941f64..cac408c38e805689c102f6a7c71accfc2d409fec 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -225,7 +225,11 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
           && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
               || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
            {
-           SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+               if (s->sid_ctx_length)
+                       SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+               else
+                       /* application should have used SSL[_CTX]_set_session_id_context */
+                       SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
            return 0;
            }