[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Tue Sep 1 23:33:14 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  dc0c888811cebfa2d21c844be0d81335fb2361da (commit)
      from  9a931208d7fc8a3596dda005cdbd6439938f01b0 (commit)


- Log -----------------------------------------------------------------
commit dc0c888811cebfa2d21c844be0d81335fb2361da
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Aug 5 13:33:52 2015 +0100

    Fix session resumption
    
    Commit f0348c842e7 introduced a problem with session resumption. The
    version for the session is fixed when the session is created. By moving
    the creation of the session earlier in the process the version is fixed
    *before* version negotiation has completed when processing the ServerHello
    on the client side. This fix updates the session version after version neg
    has completed.
    
    Reviewed-by: Emilia Käsper <emilia at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/s23_clnt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index acbbe31..f782010 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -736,6 +736,8 @@ static int ssl23_get_server_hello(SSL *s)
             goto err;
         }
 
+        s->session->ssl_version = s->version;
+
         /* ensure that TLS_MAX_VERSION is up-to-date */
         OPENSSL_assert(s->version <= TLS_MAX_VERSION);
 


More information about the openssl-commits mailing list