This is a patch to openssl-0.9.5a that makes sure that the session_cache_mode is used to determine whether a session is resumed or renegotiated. Previously, clients always attempted a session resume if the session id was non-NULL. So now SSL_CTX_new sets the cache mode to client or server depending on whether the method is client or server. Also, the client hello code in s2_clnt.c and s3_clnt.c only attempts a session resume if SSL_SESS_CACHE_CLIENT is set. nagendra
diff -urN openssl-0.9.5a/ssl/s2_clnt.c openssl-0.9.5a-work/ssl/s2_clnt.c
--- openssl-0.9.5a/ssl/s2_clnt.c Thu Feb 3 15:23:22 2000
+++ openssl-0.9.5a-work/ssl/s2_clnt.c Tue Jun 20 18:07:57 2000
@@ -473,7 +473,8 @@
 if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
 {
 if ((s->session == NULL) ||
- (s->session->ssl_version != s->version))
+ (s->session->ssl_version != s->version) ||
+ !(s->ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT))
 {
 if (!ssl_get_new_session(s,0))
 {
diff -urN openssl-0.9.5a/ssl/s3_clnt.c openssl-0.9.5a-work/ssl/s3_clnt.c
--- openssl-0.9.5a/ssl/s3_clnt.c Mon Mar 27 13:28:27 2000
+++ openssl-0.9.5a-work/ssl/s3_clnt.c Tue Jun 20 16:49:52 2000
@@ -456,7 +456,8 @@
 {
 if ((s->session == NULL) ||
 (s->session->ssl_version != s->version) ||
- (s->session->not_resumable))
+ (s->session->not_resumable) ||
+ !(s->ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT))
 {
 if (!ssl_get_new_session(s,0))
 goto err;
diff -urN openssl-0.9.5a/ssl/ssl_lib.c openssl-0.9.5a-work/ssl/ssl_lib.c
--- openssl-0.9.5a/ssl/ssl_lib.c Mon Mar 27 13:28:28 2000
+++ openssl-0.9.5a-work/ssl/ssl_lib.c Tue Jun 20 16:53:22 2000
@@ -1108,7 +1108,12 @@
 ret->method=meth;
 ret->cert_store=NULL;
- ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+
+ if(meth->ssl_accept == ssl_undefined_function)
+ ret->session_cache_mode=SSL_SESS_CACHE_CLIENT;
+ else
+ ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+
 ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
 ret->session_cache_head=NULL;
 ret->session_cache_tail=NULL;
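Review bot: The new `!(s->ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT)` term makes the client throw away s->session and call ssl_get_new_session() whenever the CLIENT bit is clear, which also discards a session the application installed deliberately with SSL_set_session(); the s3_clnt.c hunk adds the identical gating and has the same issue. Combined with the ssl_lib.c hunk, which only sets the CLIENT bit for methods lacking ssl_accept, a client built on a bidirectional method (SSLv23_method and friends) would silently fall back to a full handshake on every connection with no error to indicate that resumption was refused. If the goal is to control automatic caching rather than explicit resumption, the check presumably belongs where sessions are stored (ssl_update_cache) instead of in the ClientHello path; if explicit resumption is meant to be gated too, say so next to the condition, e.g. `/* an application-supplied session is honoured only when SSL_SESS_CACHE_CLIENT is set on the SSL_CTX */`. The enclosing function starts and continues outside the hunk.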
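Review bot: In the ssl_lib.c hunk, `meth->ssl_accept == ssl_undefined_function` identifies only client-only methods, so a method that defines both ssl_accept and ssl_connect (SSLv23_method, SSLv3_method, TLSv1_method) keeps SSL_SESS_CACHE_SERVER and its client side never gets the CLIENT bit that the s2_clnt.c/s3_clnt.c hunks now require before resuming. Setting `SSL_SESS_CACHE_BOTH` for such methods, or deriving the CLIENT bit from ssl_connect independently of ssl_accept, would avoid the silent loss of resumption; either way a comment should record the inference, e.g. `/* methods with no accept handler are client-only; default them to client-side caching */`. The `if(` spelling also differs from the `if (` style visible in the other hunks of this patch. SSL_CTX_new begins and ends outside the hunk.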