Don't attempt session resumption if no ticket is present and session
authorDr. Stephen Henson <steve@openssl.org>
Wed, 28 Oct 2009 19:53:10 +0000 (19:53 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 28 Oct 2009 19:53:10 +0000 (19:53 +0000)
ID length is zero.

apps/s_server.c
ssl/s3_clnt.c

index f1232fd3dce75d34639463508faa2e12d4ed60f0..cb1ebcae385b481f075b19b0eec6b205d806ca43 100644 (file)
@@ -771,6 +771,7 @@ int MAIN(int argc, char *argv[])
        int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
        X509 *s_cert = NULL, *s_dcert = NULL;
        EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+       int no_cache = 0;
 #ifndef OPENSSL_NO_TLSEXT
        EVP_PKEY *s_key2 = NULL;
        X509 *s_cert2 = NULL;
@@ -910,6 +911,8 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
+               else if (strcmp(*argv,"-no_cache") == 0)
+                       no_cache = 1;
                else if (strcmp(*argv,"-crl_check") == 0)
                        {
                        vflags |= X509_V_FLAG_CRL_CHECK;
@@ -1252,8 +1255,10 @@ bad:
        if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
 
        if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-
-       SSL_CTX_sess_set_cache_size(ctx,128);
+       if (no_cache)
+               SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+       else
+               SSL_CTX_sess_set_cache_size(ctx,128);
 
 #if 0
        if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -1320,7 +1325,10 @@ bad:
 
                if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
 
-               SSL_CTX_sess_set_cache_size(ctx2,128);
+               if (no_cache)
+                       SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
+               else
+                       SSL_CTX_sess_set_cache_size(ctx2,128);
 
                if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
                        (!SSL_CTX_set_default_verify_paths(ctx2)))
index 7791b145088dc161b6add06453a183c8afdbc612..a76162646e56ef84be07dddfba35645689bf4a63 100644 (file)
@@ -594,9 +594,15 @@ int ssl3_client_hello(SSL *s)
        buf=(unsigned char *)s->init_buf->data;
        if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
                {
-               if ((s->session == NULL) ||
-                       (s->session->ssl_version != s->version) ||
-                       (s->session->not_resumable))
+               SSL_SESSION *sess = s->session;
+               if ((sess == NULL) ||
+                       (sess->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+                       !sess->session_id_length ||
+#else
+                       (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
+                       (sess->not_resumable))
                        {
                        if (!ssl_get_new_session(s,0))
                                goto err;