On Wed, Feb 27, 2002 at 12:16:13PM +0200, Yoram Zahavi wrote: > Hi Lutz, > I've just checked your last patch. I guess additional fix is required. > setting : > s->shutdown=0; > > should be done only after calling: > if (ssl_clear_bad_session(s)) > { > SSL_SESSION_free(s->session); > s->session=NULL; > } > > Otherwise, the SSL_SENT_SHUTDOWN flag is not taken into account when > checking out if session should be removed from cache.
Seems you are right again. Moved the bad-session-removal to the top... Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]