On Wed, Feb 27, 2002 at 12:16:13PM +0200, Yoram Zahavi wrote:
> Hi Lutz,
> I've just checked your last patch. I guess additional fix is required.
> setting :
> s->shutdown=0;
>
> should be done only after calling:
> if (ssl_clear_bad_session(s))
> {
> SSL_SESSION_free(s->session);
> s->session=NULL;
> }
>
> Otherwise, the SSL_SENT_SHUTDOWN flag is not taken into account when
> checking out if session should be removed from cache.
Seems you are right again. Moved the bad-session-removal to the top...
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
