CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2024/07/19 22:04:23
Modified files: lib/libssl : d1_pkt.c ssl_asn1.c ssl_ciph.c ssl_clnt.c ssl_lib.c ssl_local.h ssl_pkt.c ssl_sess.c ssl_srvr.c ssl_txt.c t1_enc.c tls13_client.c tls13_server.c Log message: Remove cipher from SSL_SESSION. For a long time SSL_SESSION has had both a cipher ID and a pointer to an SSL_CIPHER (and not both are guaranteed to be populated). There is also a pointer to an SSL_CIPHER in the SSL_HANDSHAKE that denotes the cipher being used for this connection. Some code has been using the cipher from SSL_SESSION and some code has been using the cipher from SSL_HANDSHAKE. Remove cipher from SSL_SESSION and use the version in SSL_HANDSHAKE everywhere. If resuming from a session then we need to use the SSL_SESSION cipher ID to set the SSL_HANDSHAKE cipher. And we still need to ensure that we update the cipher ID in the SSL_SESSION whenever the SSL_HANDSHAKE cipher changes (this only occurs in a few places). ok tb@