From 894c74738f620fa02d1532c2186c5060fbad7e05 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 31 May 2021 15:29:03 +0200 Subject: Curl_ssl_getsessionid: fail if no session cache exists This function might get called for an easy handle for which the session cache hasn't been setup. It now just returns a "miss" in that case. Reported-by: Christoph M. Becker Fixes #7148 Closes #7153 --- lib/vtls/vtls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/vtls') diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 65f4f773d..1e6272b9f 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -407,8 +407,9 @@ bool Curl_ssl_getsessionid(struct Curl_easy *data, DEBUGASSERT(SSL_SET_OPTION(primary.sessionid)); - if(!SSL_SET_OPTION(primary.sessionid)) - /* session ID re-use is disabled */ + if(!SSL_SET_OPTION(primary.sessionid) || !data->state.session) + /* session ID re-use is disabled or the session cache has not been + setup */ return TRUE; /* Lock if shared */ -- cgit v1.2.1