diff options
author | Matt Caswell <matt@openssl.org> | 2018-03-15 17:47:29 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-03-19 12:21:17 +0000 |
commit | 32305f88509c1d9ccb3ad676209a25fa59b95488 (patch) | |
tree | 465d5906e932f6f930061a32e60c003b89f2b1a9 /ssl/ssl_sess.c | |
parent | 51cf8ba038aae10df9895b0001715938f7ad0c75 (diff) | |
download | openssl-new-32305f88509c1d9ccb3ad676209a25fa59b95488.tar.gz |
Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
Conceptually in TLSv1.3 there can be multiple sessions associated with a
single connection. Each NewSessionTicket issued can be considered a
separate session. We can end up issuing multiple NewSessionTickets on a
single connection at the moment (e.g. in a post-handshake auth scenario).
Each of those issued tickets should have the new_session_cb called, it
should go into the session cache separately and it should have a unique
id associated with it (so that they can be found individually in the
cache).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- | ssl/ssl_sess.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 1873237c70..5e44d4c41f 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -417,7 +417,13 @@ int ssl_get_new_session(SSL *s, int session) s->session = NULL; if (session) { - if (!ssl_generate_session_id(s, ss)) { + if (SSL_IS_TLS13(s)) { + /* + * We generate the session id while constructing the + * NewSessionTicket in TLSv1.3. + */ + ss->session_id_length = 0; + } else if (!ssl_generate_session_id(s, ss)) { /* SSLfatal() already called */ SSL_SESSION_free(ss); return 0; |