From e4612d02c53cccd24fa97b08fc01250d1238cca1 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 13 Jun 2016 11:24:15 +0100 Subject: [PATCH] Remove sessions from external cache, even if internal cache not used. If the SSL_SESS_CACHE_NO_INTERNAL_STORE cache mode is used then we weren't removing sessions from the external cache, e.g. if an alert occurs the session is supposed to be automatically removed. Reviewed-by: Richard Levitte --- ssl/ssl_sess.c | 10 +++++----- ssl/statem/statem_clnt.c | 11 ++--------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 41abe44a82..74250c2d13 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -708,16 +708,16 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) r = lh_SSL_SESSION_delete(ctx->sessions, c); SSL_SESSION_list_remove(ctx, c); } + c->not_resumable = 1; if (lck) CRYPTO_THREAD_unlock(ctx->lock); - if (ret) { - r->not_resumable = 1; - if (ctx->remove_session_cb != NULL) - ctx->remove_session_cb(ctx, r); + if (ret) SSL_SESSION_free(r); - } + + if (ctx->remove_session_cb != NULL) + ctx->remove_session_cb(ctx, c); } else ret = 0; return (ret); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index bef2583c32..4bd5a29f63 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1839,16 +1839,9 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) */ if (i & SSL_SESS_CACHE_CLIENT) { /* - * Remove the old session from the cache + * Remove the old session from the cache. We carry on if this fails */ - if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { - if (s->session_ctx->remove_session_cb != NULL) - s->session_ctx->remove_session_cb(s->session_ctx, - s->session); - } else { - /* We carry on if this fails */ - SSL_CTX_remove_session(s->session_ctx, s->session); - } + SSL_CTX_remove_session(s->session_ctx, s->session); } if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { -- 2.25.1