This is a patch to openssl-0.9.5a that makes sure the context's
session_cache_mode is used to decide whether a client attempts to resume an
existing session or negotiates a new one. Previously clients always attempted
a session resume whenever s->session was non-NULL.
So now SSL_CTX_new sets the cache mode to SSL_SESS_CACHE_CLIENT or
SSL_SESS_CACHE_SERVER depending on whether the method is client-only (has no
ssl_accept) or not. Also, the client hello code in s2_clnt.c and s3_clnt.c
only attempts a session resume if SSL_SESS_CACHE_CLIENT is set in the
context's session_cache_mode.
nagendra
diff -urN openssl-0.9.5a/ssl/s2_clnt.c openssl-0.9.5a-work/ssl/s2_clnt.c
--- openssl-0.9.5a/ssl/s2_clnt.c Thu Feb 3 15:23:22 2000
+++ openssl-0.9.5a-work/ssl/s2_clnt.c Tue Jun 20 18:07:57 2000
@@ -473,7 +473,8 @@
if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
{
if ((s->session == NULL) ||
- (s->session->ssl_version != s->version))
+ (s->session->ssl_version != s->version) ||
+ !(s->ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT))
{
if (!ssl_get_new_session(s,0))
{
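Review bot: The new condition silently drops a session the application installed on the SSL object (presumably via SSL_set_session()) whenever the context lacks SSL_SESS_CACHE_CLIENT, and nothing at this site records that this is intended rather than a bug; the discarded session is then replaced by ssl_get_new_session(). Since the flag is read from s->ctx at hello-building time, an application that set the session but never adjusted the context's cache mode gets a full handshake with no indication why. A comment above the condition would make the contract explicit: `/* Only resume when the application enabled client-side session caching on the SSL_CTX; otherwise start a new session even if one was set on this SSL. */`. The enclosing client_hello function continues past the end of this hunk.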
diff -urN openssl-0.9.5a/ssl/s3_clnt.c openssl-0.9.5a-work/ssl/s3_clnt.c
--- openssl-0.9.5a/ssl/s3_clnt.c Mon Mar 27 13:28:27 2000
+++ openssl-0.9.5a-work/ssl/s3_clnt.c Tue Jun 20 16:49:52 2000
@@ -456,7 +456,8 @@
{
if ((s->session == NULL) ||
(s->session->ssl_version != s->version) ||
- (s->session->not_resumable))
+ (s->session->not_resumable) ||
+ !(s->ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT))
{
if (!ssl_get_new_session(s,0))
goto err;
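Review bot: Gating resumption on SSL_SESS_CACHE_CLIENT couples two different decisions in the added line: whether this client may resume a session it already holds, and whether finished client sessions are stored in the context's internal cache, if (as elsewhere in the library) that flag also controls cache insertion. An application that manages sessions itself (saving with SSL_get1_session() and restoring with SSL_set_session()) must now also turn on internal client caching just to be allowed to resume, which is a behaviour change for existing clients that never touched the cache mode. If that coupling is intended, say so where the flag is documented and in the comment at this site, e.g. `/* resumption requires SSL_SESS_CACHE_CLIENT, even for sessions supplied by the application */`; if not, a separate "allow resume" option would keep the two concerns apart. The enclosing function starts before and ends after this hunk.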
diff -urN openssl-0.9.5a/ssl/ssl_lib.c openssl-0.9.5a-work/ssl/ssl_lib.c
--- openssl-0.9.5a/ssl/ssl_lib.c Mon Mar 27 13:28:28 2000
+++ openssl-0.9.5a-work/ssl/ssl_lib.c Tue Jun 20 16:53:22 2000
@@ -1108,7 +1108,12 @@
ret->method=meth;
ret->cert_store=NULL;
- ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+
+ if(meth->ssl_accept == ssl_undefined_function)
+ ret->session_cache_mode=SSL_SESS_CACHE_CLIENT;
+ else
+ ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
+
ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
ret->session_cache_head=NULL;
ret->session_cache_tail=NULL;
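Review bot: The new test only recognises client-only methods, so a context built from a method that defines both ssl_accept and ssl_connect (the generic SSLv23_method()/SSLv3_method() style methods, commonly used by clients as well as servers) is classified as SERVER and, combined with the new client-hello checks, such clients lose session resumption unless they explicitly call SSL_CTX_set_session_cache_mode(). That is a silent regression for existing client code that relied on the previous always-resume behaviour. Distinguishing the three cases and defaulting the dual-role methods to SSL_SESS_CACHE_BOTH preserves the old client behaviour while still giving pure client and pure server methods the intended default; the comparison against ssl_undefined_function assumes client-only methods really do stub ssl_accept with it, which is not visible here and worth a comment. The enclosing SSL_CTX_new continues before and after this hunk.

```c
	/* Default the cache mode from what the method can do: client-only
	 * methods stub ssl_accept, server-only ones stub ssl_connect, and
	 * dual-role methods keep both sides so existing clients still resume. */
	if(meth->ssl_accept == ssl_undefined_function)
		ret->session_cache_mode=SSL_SESS_CACHE_CLIENT;
	else if(meth->ssl_connect == ssl_undefined_function)
		ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
	else
		ret->session_cache_mode=SSL_SESS_CACHE_BOTH;
	/* … unchanged: session_cache_size / head / tail initialisation … */
```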