From: Matt Caswell Date: Tue, 21 Mar 2017 13:48:52 +0000 (+0000) Subject: Remove TLS1.3 TODO around testing for session id length X-Git-Tag: OpenSSL_1_1_1-pre1~1661 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3348fc7e8940b66ab4545a618ba87a63fb677a79;p=oweals%2Fopenssl.git Remove TLS1.3 TODO around testing for session id length TLSv1.3 will do the same thing as TLSv1.2 with tickets with regards to session ids, i.e. it will create a synthetic session id when the session is established, so it is reasonable to check the session id length, even in TLSv1.3. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3008) --- diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 8c4c83954d..a580431aa1 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2442,7 +2442,6 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) if (ticklen == 0) return MSG_PROCESS_CONTINUE_READING; - /* TODO(TLS1.3): Is this a suitable test for TLS1.3? */ if (s->session->session_id_length > 0) { int i = s->session_ctx->session_cache_mode; SSL_SESSION *new_sess;