From f023ba2df821d186d73fefda6fa5cafcc5a3ee39 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 15 Mar 2018 21:02:15 +0000 Subject: [PATCH] Don't update the session cache when processing a client certificate in TLSv1.3 We should only update the session cache when we issue a NewSessionTicket. These are issued automatically after processing a client certificate. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5644) --- ssl/statem/statem_srvr.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 5542a78e21..c198aa7246 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3608,9 +3608,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) sk_X509_pop_free(s->session->peer_chain, X509_free); s->session->peer_chain = sk; - if (new_sess != NULL) - ssl_update_cache(s, SSL_SESS_CACHE_SERVER); - /* * Freeze the handshake buffer. For