[openssl-commits] [openssl] OpenSSL source code branch master updated. ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01

Emilia Kasper emilia at openssl.org
Tue Jan 6 22:19:24 UTC 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, master has been updated
       via  ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01 (commit)
      from  cb62ab4b17818fe66d2fed0a7fe71969131c811b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01
Author: Emilia Kasper <emilia at openssl.org>
Date:   Tue Jan 6 15:41:04 2015 +0100

    Only inherit the session ID context in SSL_set_SSL_CTX if the existing
    context was also inherited (matches that of the existing SSL_CTX).
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_lib.c |   33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)
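The rule described in the commit message, inherit the session ID context from the new SSL_CTX only when the SSL still carries the one it got from its parent, is easiest to see side by side with the behaviour it replaces. The program below is an added illustration for this page and is not OpenSSL code: it models just the sid_ctx fields of SSL and SSL_CTX in two small structs and reimplements the pre-patch and post-patch inheritance rules, then runs the SNI-style scenario the change is aimed at (an application sets a per-SSL context, then SSL_set_SSL_CTX switches to a per-vhost SSL_CTX). All struct, function and sample context names are invented for the model; only SSL_MAX_SID_CTX_LENGTH mirrors the library constant. It also exercises the edge case a reviewer should keep in mind: a per-SSL value that was set explicitly but happens to equal the parent's is indistinguishable from an inherited one.

```c
#include <assert.h>
#include <string.h>

/* Added model for illustration, not OpenSSL code. */
#define SSL_MAX_SID_CTX_LENGTH 32   /* same fixed size as OpenSSL's sid_ctx */

typedef struct {                    /* stands in for SSL_CTX */
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
    unsigned int sid_ctx_length;
} model_ctx;

typedef struct {                    /* stands in for SSL */
    model_ctx *ctx;                 /* SSL_CTX the SSL was created from or switched to */
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
    unsigned int sid_ctx_length;
} model_ssl;

/* Setter model: like the real setter APIs, it rejects invalid lengths. */
static int set_sid_ctx(unsigned char *dst, unsigned int *dst_len,
                       const char *src)
{
    size_t len = strlen(src);
    if (len > SSL_MAX_SID_CTX_LENGTH)
        return 0;
    memset(dst, 0, SSL_MAX_SID_CTX_LENGTH);
    memcpy(dst, src, len);
    *dst_len = (unsigned int)len;
    return 1;
}

/* SSL_new() model: a fresh SSL copies its parent SSL_CTX's sid_ctx. */
static void model_ssl_new(model_ssl *ssl, model_ctx *ctx)
{
    ssl->ctx = ctx;
    memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
    ssl->sid_ctx_length = ctx->sid_ctx_length;
}

/* Pre-patch rule: unconditionally take the new SSL_CTX's sid_ctx. */
static void set_ssl_ctx_old(model_ssl *ssl, model_ctx *ctx)
{
    ssl->sid_ctx_length = ctx->sid_ctx_length;
    memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
    ssl->ctx = ctx;
}

/* Post-patch rule: inherit only if the SSL still holds its parent's sid_ctx. */
static void set_ssl_ctx_new(model_ssl *ssl, model_ctx *ctx)
{
    assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
    if (ssl->ctx != NULL &&
        ssl->sid_ctx_length == ssl->ctx->sid_ctx_length &&
        memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0) {
        ssl->sid_ctx_length = ctx->sid_ctx_length;
        memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
    }
    ssl->ctx = ctx;
}

/* 1 if the SSL's current sid_ctx equals the given string. */
static int sid_ctx_is(const model_ssl *ssl, const char *s)
{
    size_t n = strlen(s);
    return ssl->sid_ctx_length == n && memcmp(ssl->sid_ctx, s, n) == 0;
}

/* Builds the scenario: default SSL_CTX "default", per-vhost SSL_CTX "vhost"
 * (constructed sample values), an SSL created from the default one, and an
 * optional explicit per-SSL context set before the switch. */
static void run_switch(int use_new_rule, const char *per_ssl, model_ssl *ssl,
                       model_ctx *dflt, model_ctx *vhost)
{
    set_sid_ctx(dflt->sid_ctx, &dflt->sid_ctx_length, "default");
    set_sid_ctx(vhost->sid_ctx, &vhost->sid_ctx_length, "vhost");
    model_ssl_new(ssl, dflt);
    if (per_ssl != NULL)
        set_sid_ctx(ssl->sid_ctx, &ssl->sid_ctx_length, per_ssl);
    if (use_new_rule)
        set_ssl_ctx_new(ssl, vhost);
    else
        set_ssl_ctx_old(ssl, vhost);
}

/* 1 if an explicitly set per-SSL context ("app-set") survives the switch. */
int per_ssl_sid_ctx_survives(int use_new_rule)
{
    model_ctx dflt, vhost; model_ssl ssl;
    run_switch(use_new_rule, "app-set", &ssl, &dflt, &vhost);
    return sid_ctx_is(&ssl, "app-set");
}

/* 1 if an untouched (inherited) context follows the new SSL_CTX. */
int inherited_sid_ctx_follows_ctx(int use_new_rule)
{
    model_ctx dflt, vhost; model_ssl ssl;
    run_switch(use_new_rule, NULL, &ssl, &dflt, &vhost);
    return sid_ctx_is(&ssl, "vhost");
}

/* Edge case under the new rule: a per-SSL value set explicitly but equal to
 * the parent's looks inherited, so it is still replaced. Returns 1 if so. */
int explicit_but_equal_is_replaced(void)
{
    model_ctx dflt, vhost; model_ssl ssl;
    run_switch(1, "default", &ssl, &dflt, &vhost);
    return sid_ctx_is(&ssl, "vhost");
}
```

Under the old rule the application's per-SSL context is lost on every SSL_set_SSL_CTX call; under the new rule it survives, while an SSL that never had its context changed still picks up the vhost's. The last function shows the limit of the equality heuristic: it cannot tell an explicit but identical value apart from an inherited one.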

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d42f50b..f9f91e6 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3191,24 +3191,31 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 			}
 		ssl_cert_free(ocert);
 		}
-	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
-	if (ssl->ctx != NULL)
-		SSL_CTX_free(ssl->ctx); /* decrement reference count */
-	ssl->ctx = ctx;
 
 	/*
-	 * Inherit the session ID context as it is typically set from the
-	 * parent SSL_CTX, and can vary with the CTX.
-	 * Note that per-SSL SSL_set_session_id_context() will not persist
-	 * if called before SSL_set_SSL_CTX.
-	 */
-	ssl->sid_ctx_length = ctx->sid_ctx_length;
-	/*
 	 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
 	 * so setter APIs must prevent invalid lengths from entering the system.
 	 */
-	OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
-	memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+	OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
+
+	/*
+	 * If the session ID context matches that of the parent SSL_CTX,
+	 * inherit it from the new SSL_CTX as well. If however the context does
+	 * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+	 * leave it unchanged.
+	 */
+	if ((ssl->ctx != NULL) &&
+		(ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+		(memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0))
+		{
+		ssl->sid_ctx_length = ctx->sid_ctx_length;
+		memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+		}
+
+	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+	if (ssl->ctx != NULL)
+		SSL_CTX_free(ssl->ctx); /* decrement reference count */
+	ssl->ctx = ctx;
 
 	return(ssl->ctx);
 	}
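Review bot: the relocated OPENSSL_assert on the added line now bounds only the existing ssl->sid_ctx_length (the length the memcmp below it uses), while the ctx->sid_ctx_length copied in inside the if-block is no longer asserted in this function; the removed lines asserted after the assignment and so covered the incoming length. The memcpy of sizeof(ssl->sid_ctx) bytes cannot overrun, and the comment just above states that setter APIs keep invalid lengths out, so this is consistent, but a second `OPENSSL_assert(ctx->sid_ctx_length <= sizeof(ssl->sid_ctx));` inside the if-block would keep the check local and is cheap. Two behavioural points are worth a sentence in the new comment: the equality test cannot distinguish a per-SSL context that was set explicitly with SSL_set_session_id_context but happens to equal the parent's from an inherited one, so such a value is still replaced; and when ssl->ctx is NULL the session ID context is now never inherited, whereas the removed lines always copied it.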


hooks/post-receive
-- 
OpenSSL source code

