From: Lutz Jänicke Date: Tue, 26 Feb 2002 21:44:07 +0000 (+0000) Subject: Make sure that bad sessions are removed in SSL_clear() (found by X-Git-Tag: OpenSSL_0_9_7-beta1~193 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3b79d2789db948c544932336fd1f1a392728f072;p=oweals%2Fopenssl.git Make sure that bad sessions are removed in SSL_clear() (found by Yoram Zahavi). Submitted by: Reviewed by: PR: --- diff --git a/CHANGES b/CHANGES index 03a91009d7..9b42687959 100644 --- a/CHANGES +++ b/CHANGES @@ -13,6 +13,10 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + *) Fix bug in SSL_clear(): bad sessions were not removed (found by + Yoram Zahavi ). + [Lutz Jaenicke] + +) Add and OPENSSL_LOAD_CONF define which will cause OpenSSL_add_all_algorithms() to load the openssl.cnf config file. This allows older applications to transparently support certain diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1195171a57..2b60d7288f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -136,7 +136,6 @@ OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ int SSL_clear(SSL *s) { - int state; if (s->method == NULL) { @@ -161,9 +160,14 @@ int SSL_clear(SSL *s) } #endif - state=s->state; /* Keep to check if we throw away the session-id */ s->type=0; + if (ssl_clear_bad_session(s)) + { + SSL_SESSION_free(s->session); + s->session=NULL; + } + s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); s->version=s->method->version; @@ -182,12 +186,6 @@ int SSL_clear(SSL *s) ssl_clear_cipher_ctx(s); - if (ssl_clear_bad_session(s)) - { - SSL_SESSION_free(s->session); - s->session=NULL; - } - s->first_packet=0; #if 1