From: Lutz Jänicke <jaenicke@openssl.org>
Date: Wed, 20 Nov 2002 10:46:35 +0000 (+0000)
Subject: Fix bug introduced by the attempt to fix client side external session
X-Git-Tag: OpenSSL_0_9_7-beta5~47
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a153c46d7f8a968ee8e8dce2d1f9aff5cc084234;p=oweals%2Fopenssl.git

Fix bug introduced by the attempt to fix client side external session
caching (#288): now internal caching failed (#351):
Make sure, that cipher_id is set before comparing.
Submitted by:
Reviewed by:
PR: 288 (and 351)
---

diff --git a/CHANGES b/CHANGES
index 02069948cc..789fd54c9a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1780,6 +1780,13 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
 
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+     [Lutz Jaenicke]
+
   *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
      length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
      [Zeev Lieber <zeev-l@yahoo.com>]
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 44ad368d0e..9425ec6728 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -696,6 +696,11 @@ static int ssl3_get_server_hello(SSL *s)
 		goto f_err;
 		}
 
+	/* Depending on the session caching (internal/external), the cipher
+	   and/or cipher_id values may not be set. Make sure that
+	   cipher_id is set and use it for comparison. */
+	if (s->session->cipher)
+		s->session->cipher_id = s->session->cipher->id;
 	if (s->hit && (s->session->cipher_id != c->id))
 		{
 		if (!(s->options &