From 8a41eb70cc6d3272cb9c4a52a02a8b603b310189 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Thu, 13 May 1999 10:32:04 +0000
Subject: [PATCH] First tiny changes in preparation of changing of "sess_cert"
 handling. Also I've subsituted real tabs for 8-spaces sequences in some lines
 so that things don't look that weird with a tab-width of 4.

---
 ssl/ssl_lib.c  | 53 ++++++++++++++++++++++++++++++++++++--------------
 ssl/ssl_locl.h |  2 +-
 2 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 18564170cc..6a9de2bf49 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1505,7 +1505,7 @@ char *SSL_get_version(SSL *s)
 	}
 
 SSL *SSL_dup(SSL *s)
-        {
+	{
 	STACK_OF(X509_NAME) *sk;
 	X509_NAME *xn;
         SSL *ret;
@@ -1514,8 +1514,31 @@ SSL *SSL_dup(SSL *s)
 	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
 	    return(NULL);
 			  
-	/* This copies version, session-id, SSL_METHOD and 'cert' */
-	SSL_copy_session_id(ret,s);
+	if (s->session != NULL)
+		{
+		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+		SSL_copy_session_id(ret,s);
+		}
+	else
+		{
+		/* No session has been established yet, so we have to expect
+		 * that s->cert or ret->cert will be changed later --
+		 * they should not both point to the same object,
+		 * and thus we can't use SSL_copy_session_id. */
+
+		ret->method = s->method;
+		ret->method->ssl_new(ret);
+
+		if (s->cert != NULL)
+			{
+			ret->cert = ssl_cert_dup(s->cert);
+			if (ret->cert == NULL)
+				goto err;
+			}
+				
+		SSL_set_session_id_context(ret,
+			s->sid_ctx, s->sid_ctx_length);
+		}
 
 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
 	SSL_set_verify(ret,SSL_get_verify_mode(s),
@@ -1591,18 +1614,18 @@ err:
 
 void ssl_clear_cipher_ctx(SSL *s)
 	{
-        if (s->enc_read_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-                Free(s->enc_read_ctx);
-                s->enc_read_ctx=NULL;
-                }
-        if (s->enc_write_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-                Free(s->enc_write_ctx);
-                s->enc_write_ctx=NULL;
-                }
+	if (s->enc_read_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+		Free(s->enc_read_ctx);
+		s->enc_read_ctx=NULL;
+		}
+	if (s->enc_write_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+		Free(s->enc_write_ctx);
+		s->enc_write_ctx=NULL;
+		}
 	if (s->expand != NULL)
 		{
 		COMP_CTX_free(s->expand);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f1bfcf9519..91f3b254c7 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -277,7 +277,7 @@ typedef struct cert_st
 
 	STACK_OF(X509) *cert_chain; /* XXX should only exist in sess_cert_st */
 
-	int references; /* XXX will finally always be 1 */
+	int references; /*> 1 only if SSL_copy_session_id is used */
 	} CERT;
 
 
-- 
2.25.1