[openssl-commits] [openssl] master update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Fri Aug 25 12:37:31 UTC 2017
The branch master has been updated
via 0afca8113e81e8cd6f0f891f7f6ebfc5f14489db (commit)
from 0139ce7c92f5570ce1513cfe776df94460842ce0 (commit)
- Log -----------------------------------------------------------------
commit 0afca8113e81e8cd6f0f891f7f6ebfc5f14489db
Author: Kazuki Yamaguchi <k at rhe.jp>
Date: Fri Mar 31 22:52:56 2017 +0900
Do not lookup zero-length session ID
A condition was removed by commit 1053a6e2281d; presumably it was an
unintended change. Restore the previous behavior so the get_session_cb
won't be called with zero-length session ID.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4236)
-----------------------------------------------------------------------
Summary of changes:
ssl/ssl_sess.c | 3 ++-
test/sslapitest.c | 28 ++++++++++++++++++++--------
2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 7336251..efba707 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -491,7 +491,8 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello, int *al)
goto err;
case TICKET_NONE:
case TICKET_EMPTY:
- try_session_cache = 1;
+ if (hello->session_id_len > 0)
+ try_session_cache = 1;
break;
case TICKET_NO_DECRYPT:
case TICKET_SUCCESS:
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 622f159..4a9c075 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -757,7 +757,7 @@ static int test_tlsext_status_type(void)
}
#endif
-static int new_called = 0, remove_called = 0;
+static int new_called, remove_called, get_called;
static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
{
@@ -780,6 +780,7 @@ static SSL_SESSION *get_sess_val = NULL;
static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
int *copy)
{
+ get_called++;
*copy = 1;
return get_sess_val;
}
@@ -969,7 +970,7 @@ static int execute_test_session(int maxprot, int use_int_cache,
SSL_CTX_set_max_proto_version(sctx, maxprot);
SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
- new_called = remove_called = 0;
+ new_called = remove_called = get_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl1, clientssl1,
@@ -985,7 +986,9 @@ static int execute_test_session(int maxprot, int use_int_cache,
if (use_ext_cache) {
SSL_SESSION *tmp = sess2;
- if (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0))
+ if (!TEST_int_eq(new_called, 1)
+ || !TEST_int_eq(remove_called, 0)
+ || !TEST_int_eq(get_called, 0))
goto end;
/*
* Delete the session from the internal cache to force a lookup from
@@ -1001,7 +1004,7 @@ static int execute_test_session(int maxprot, int use_int_cache,
sess2 = tmp;
}
- new_called = remove_called = 0;
+ new_called = remove_called = get_called = 0;
get_sess_val = sess2;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
&clientssl2, NULL, NULL))
@@ -1011,10 +1014,19 @@ static int execute_test_session(int maxprot, int use_int_cache,
|| !TEST_true(SSL_session_reused(clientssl2)))
goto end;
- if (use_ext_cache
- && (!TEST_int_eq(new_called, 0)
- || !TEST_int_eq(remove_called, 0)))
- goto end;
+ if (use_ext_cache) {
+ if (!TEST_int_eq(new_called, 0)
+ || !TEST_int_eq(remove_called, 0))
+ goto end;
+
+ if (maxprot == TLS1_3_VERSION) {
+ if (!TEST_int_eq(get_called, 0))
+ goto end;
+ } else {
+ if (!TEST_int_eq(get_called, 1))
+ goto end;
+ }
+ }
testresult = 1;
More information about the openssl-commits
mailing list