If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't
removing sessions from the external cache, e.g. if an alert occurs the
session is supposed to be automatically removed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
r = lh_SSL_SESSION_delete(ctx->sessions, c);
SSL_SESSION_list_remove(ctx, c);
}
+ c->not_resumable = 1;
if (lck)
CRYPTO_THREAD_unlock(ctx->lock);
- if (ret) {
- r->not_resumable = 1;
- if (ctx->remove_session_cb != NULL)
- ctx->remove_session_cb(ctx, r);
+ if (ret)
SSL_SESSION_free(r);
- }
+
+ if (ctx->remove_session_cb != NULL)
+ ctx->remove_session_cb(ctx, c);
} else
ret = 0;
return (ret);
*/
if (i & SSL_SESS_CACHE_CLIENT) {
/*
- * Remove the old session from the cache
+ * Remove the old session from the cache. We carry on if this fails
*/
- if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
- if (s->session_ctx->remove_session_cb != NULL)
- s->session_ctx->remove_session_cb(s->session_ctx,
- s->session);
- } else {
- /* We carry on if this fails */
- SSL_CTX_remove_session(s->session_ctx, s->session);
- }
+ SSL_CTX_remove_session(s->session_ctx, s->session);
}
if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
projects / oweals / openssl.git / commitdiff