I simplified the SSL session id re-use code now to *always* ditch the previous

one and store the current one, as it makes the code less complex and I'm not
even sure I can check for the same session id using memcmp() like that.

diff --git a/lib/gtls.c b/lib/gtls.c
index f0785424597e82e385c1ff63c480275c397d8d79..002246a0c0b3228b2b3bccb0569f26f4dfc5dc0d 100644 (file)
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -604,18 +604,10 @@ Curl_gtls_connect(struct connectdata *conn,
       /* extract session ID to the allocated buffer */
       gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
 
-      if(ssl_sessionid &&
-         ((connect_idsize != ssl_idsize) ||
-          memcmp(connect_sessionid, ssl_sessionid, ssl_idsize)))
-        /* there was one before in the cache, but without the same size or
-           with different contents so delete the old one */
+      if(ssl_sessionid)
+        /* there was one before in the cache, so instead of risking that the
+           previous one was rejected, we just kill that and store the new */
         Curl_ssl_delsessionid(conn, ssl_sessionid);
-      else if(ssl_sessionid) {
-        /* it was in the cache and its the same one now, just leave it */
-        free(connect_sessionid);
-        return CURLE_OK;
-      }
-
 
       /* store this session id */
       return Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);