[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Tue Jul 16 13:03:57 UTC 2019 

The branch OpenSSL_1_1_1-stable has been updated
       via  686ead4537ade69368ebf87679397105aee5d5c8 (commit)
      from  2b7efbd03295f8a345b63acd212e22cb5a3d19df (commit)


- Log -----------------------------------------------------------------
commit 686ead4537ade69368ebf87679397105aee5d5c8
Author: Todd Short <tshort at akamai.com>
Date:   Mon Jul 15 09:55:13 2019 -0400

    Fix SSL_CTX_set_session_id_context() docs
    
    Also, use define rather than sizeof
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9377)
    
    (cherry picked from commit fe9edc9d39c96c965efc4fde12ddf7fa8a852025)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CTX_set_session_id_context.pod | 4 ++--
 ssl/ssl_lib.c                               | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod
index d832350..9270b10 100644
--- a/doc/man3/SSL_CTX_set_session_id_context.pod
+++ b/doc/man3/SSL_CTX_set_session_id_context.pod
@@ -42,7 +42,7 @@ OpenSSL clients will check the session id context returned by the server
 when reusing a session.
 
 The maximum length of the B<sid_ctx> is limited to
-B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
+B<SSL_MAX_SID_CTX_LENGTH>.
 
 =head1 WARNINGS
 
@@ -67,7 +67,7 @@ return the following values:
 =item Z<>0
 
 The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
-the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+the maximum allowed length of B<SSL_MAX_SID_CTX_LENGTH>. The error
 is logged to the error stack.
 
 =item Z<>1
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4e945dc..ac820cf 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -872,7 +872,7 @@ int SSL_up_ref(SSL *s)
 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                    unsigned int sid_ctx_len)
 {
-    if (sid_ctx_len > sizeof(ctx->sid_ctx)) {
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
         SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
                SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
         return 0;

More information about the openssl-commits mailing list