[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Thu Aug 3 09:31:29 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  89fb0fb2a5391bd6cfd78bd201616ee68b5f5d34 (commit)
       via  15b3fd6f647f340d83cfffbd9a34097883ec9271 (commit)
      from  85d9b9f7169644ee74c294c3adf8b60a90e103e4 (commit)


- Log -----------------------------------------------------------------
commit 89fb0fb2a5391bd6cfd78bd201616ee68b5f5d34
Author: Lingmo Zhu <zlm2006 at gmail.com>
Date:   Wed Aug 2 20:55:40 2017 +0800

    remove horrible pragma macro and remove __owur from SSL_CTX_add_session() declaration
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4014)
    
    (cherry picked from commit 5bd05e579994c756cd994b5e0ff5f395aae6bfff)

commit 15b3fd6f647f340d83cfffbd9a34097883ec9271
Author: Lingmo Zhu <zlm2006 at gmail.com>
Date:   Tue Jul 25 18:00:44 2017 +0800

    Remove the obsolete misleading comment and code related to it.
    
    The comment "The following should not return 1, otherwise, things
    are very strange" is from the very first commit of OpenSSL. The
    really meaning of the comment is if the identical session can be
    found from internal cache after calling get_session_cb but not
    found before calling get_session_cb, it is just strange.
    
    The value 1 was originated from the old doc of SSLeay, reversed
    from the actual return value of SSL_CTX_add_session().
    
    Anyway either return value of SSL_CTX_add_session() should not
    interrupt the session resumption process. So the checking of
    return value of SSL_CTX_add_session() is not necessary.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4014)
    
    (cherry picked from commit e29bb83479cc567b4bb414dc55148ec06a30a115)

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl.h | 2 +-
 ssl/ssl_sess.c        | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 6f0f361..2c694b4 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1444,7 +1444,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ses);
 void SSL_SESSION_free(SSL_SESSION *ses);
 __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 __owur int SSL_set_session(SSL *to, SSL_SESSION *session);
-__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
 int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
 __owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
 __owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 92ba599..f0274cf 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -531,11 +531,11 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
                 (s->session_ctx->session_cache_mode &
                  SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
                 /*
-                 * The following should not return 1, otherwise, things are
-                 * very strange
+                 * Either return value of SSL_CTX_add_session should not
+                 * interrupt the session resumption process. The return
+                 * value is intentionally ignored.
                  */
-                if (SSL_CTX_add_session(s->session_ctx, ret))
-                    goto err;
+                SSL_CTX_add_session(s->session_ctx, ret);
             }
         }
     }


More information about the openssl-commits mailing list