Ensure we free the handshake transcript upon session resumption.

Found the hard way by jmc@ ok tb@
author: jsing <> 2018-11-09 17:43:31 +0000
committer: jsing <> 2018-11-09 17:43:31 +0000
commit: 5de2fb943674362ea7e491eb2b9af43a949a7cf1 (patch)
tree: 46aa99972eae27e863c414b66c65719b132c8b0e /src/lib/libssl/ssl_clnt.c
parent: e3076365506f38e78df5fe822fa92f5279cc68ca (diff)
download: openbsd-5de2fb943674362ea7e491eb2b9af43a949a7cf1.tar.gz
openbsd-5de2fb943674362ea7e491eb2b9af43a949a7cf1.tar.bz2
openbsd-5de2fb943674362ea7e491eb2b9af43a949a7cf1.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 5dbda1f2fa..e9e098aa28 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.39 2018/11/09 05:43:39 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.40 2018/11/09 17:43:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -309,6 +309,9 @@ ssl3_connect(SSL *s)
                                                /* receive renewed session ticket */
                                                S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
                                        }
+                                        /* No client certificate verification. */
+                                        tls1_transcript_free(s);
                                }
                        } else if (SSL_IS_DTLS(s)) {
                                S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
author	jsing <>	2018-11-09 17:43:31 +0000
committer	jsing <>	2018-11-09 17:43:31 +0000
commit	5de2fb943674362ea7e491eb2b9af43a949a7cf1 (patch)
tree	46aa99972eae27e863c414b66c65719b132c8b0e /src/lib/libssl/ssl_clnt.c
parent	e3076365506f38e78df5fe822fa92f5279cc68ca (diff)
download	openbsd-5de2fb943674362ea7e491eb2b9af43a949a7cf1.tar.gz openbsd-5de2fb943674362ea7e491eb2b9af43a949a7cf1.tar.bz2 openbsd-5de2fb943674362ea7e491eb2b9af43a949a7cf1.zip