[openssl/openssl] 4842a2: Free up space in the session cache before adding.

Todd Short noreply at github.com
Mon Aug 1 11:18:02 UTC 2022


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 4842a27b902660b672d72d2ed23e941461ca481c
      https://github.com/openssl/openssl/commit/4842a27b902660b672d72d2ed23e941461ca481c
  Author: Todd Short <todd.short at me.com>
  Date:   2022-08-01 (Mon, 01 Aug 2022)

  Changed paths:
    M ssl/ssl_sess.c
    M test/sslapitest.c

  Log Message:
  -----------
  Free up space in the session cache before adding.

Fixes #18690

In some circumstances, it's possible that when using an external
database for the session cache, that pulling in an entry from that
cache to the internal cache will cause the newly added entry to
be deleted from the internal cache. This is likely to happen when
the internal cache is set to have a small size, and the newly added
entry's timeout places it at the end of the cache list.

This could be fixed by updating the timestamp of the session (via
`SSL_SESSION_set_time()` or `SSL_SESSION_set_timeout()`) before
adding to the cache. But that may not be desireable.

Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18905)




More information about the openssl-commits mailing list