projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 32305f8)
Don't update the session cache when processing a client certificate in TLSv1.3
authorMatt Caswell <matt@openssl.org>
Thu, 15 Mar 2018 21:02:15 +0000 (21:02 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 19 Mar 2018 12:21:17 +0000 (12:21 +0000)
We should only update the session cache when we issue a NewSessionTicket.
These are issued automatically after processing a client certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)

ssl/statem/statem_srvr.c patch | blob | history

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 5542a78e21612a3476ce6762f4e435ddfd89424b..c198aa72463e06cb92e64e343140cf753594c327 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3608,9 +3608,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
     sk_X509_pop_free(s->session->peer_chain, X509_free);
     s->session->peer_chain = sk;
 
-    if (new_sess != NULL)
-        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
     /*
      * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
      * message
Unnamed repository; edit this file 'description' to name the repository.