From 6a8afe2201cd888e472e44225d3c9ca5fae1ca62 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 20 Nov 2002 10:48:58 +0000 Subject: [PATCH] Fix bug introduced by the attempt to fix client side external session caching (#288): now internal caching failed (#351): Make sure, that cipher_id is set before comparing. Submitted by: Reviewed by: PR: 288 (and 351) --- CHANGES | 7 +++++++ ssl/s3_clnt.c | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/CHANGES b/CHANGES index 43a0ffcfb7..9104c1fc7b 100644 --- a/CHANGES +++ b/CHANGES @@ -2111,6 +2111,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Bugfix: client side session caching did not work with external caching, + because the session->cipher setting was not restored when reloading + from the external cache. This problem was masked, when + SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set. + (Found by Steve Haslam .) + [Lutz Jaenicke] + *) Fix client_certificate (ssl/s2_clnt.c): The permissible total length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33. [Zeev Lieber ] diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index bc7523cdf1..45bea069f2 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -722,6 +722,11 @@ static int ssl3_get_server_hello(SSL *s) goto f_err; } + /* Depending on the session caching (internal/external), the cipher + and/or cipher_id values may not be set. Make sure that + cipher_id is set and use it for comparison. */ + if (s->session->cipher) + s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { if (!(s->options & -- 2.40.0