From caf97dbad0c0e9c703ca9204886beb3abefc9b9f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Fri, 20 Sep 2002 08:27:44 +0000
Subject: [PATCH] there is no minimum length for session IDs PR: 274 [previous commit did not include all the changes]
---
 ssl/s3_clnt.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 227708981c..b58321628b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -638,23 +638,13 @@ static int ssl3_get_server_hello(SSL *s)
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
 goto f_err;
 }
-
- if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
- {
- /* SSLref returns 16 :-( */
- if (j < SSL2_SSL_SESSION_ID_LENGTH)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
- goto f_err;
- }
- }
 if (j != 0 && j == s->session->session_id_length
 && memcmp(p,s->session->session_id,j) == 0)
 {
 if(s->sid_ctx_length != s->session->sid_ctx_length
 || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
 {
+ /* actually a client application bug */
 al=SSL_AD_ILLEGAL_PARAMETER;
 SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
 goto f_err;
--
2.25.1
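Review bot: The added comment `/* actually a client application bug */` does not say what the bug is, even though this branch is the guard that refuses to resume a session under a different session-ID context. I would spell it out, for example `/* server resumed the session we offered, but its sid_ctx does not match this SSL's: the application reused a session across contexts */`. With the minimum-length test removed, the too-long check just above appears to be the only bound on `j` before the `memcmp` on the session ID; its condition lies outside the hunk, so confirm it compares `j` against the size of the `session_id` buffer. ssl3_get_server_hello starts and ends outside the hunk.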