| author | jsing <> | 2020-09-14 18:25:23 +0000 |
|---|---|---|
| committer | jsing <> | 2020-09-14 18:25:23 +0000 |
| commit | b72413066987ff52cb0d9052cada638fe6ac8cc5 (patch) | |
| tree | 943328bd9295301a7dc1fcb2f5eeef22f5853b6b /src | |
| parent | a71bd2f78782e607e73c59e36b2cbb2249d3dfe2 (diff) | |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so
we do not need to do this check in three different places. Switch to
dtls1_get_client_method()/tls1_get_client_method() to find the method -
this is a slight change in behaviour, however there is not much point
trying to resume a session on something other than a client.
ok beck@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 58 |
1 files changed, 22 insertions, 36 deletions
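--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.97 2020/09/02 08:04:06 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.98 2020/09/14 18:25:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -776,45 +776,31 @@ SSL_SESSION_up_ref(SSL_SESSION *ss)
 int
 SSL_set_session(SSL *s, SSL_SESSION *session)
 {
-int ret = 0;
-const SSL_METHOD *meth;
-
-if (session != NULL) {
-meth = s->ctx->method->internal->get_ssl_method(session->ssl_version);
-if (meth == NULL)
-meth = s->method->internal->get_ssl_method(session->ssl_version);
-if (meth == NULL) {
-SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
-return (0);
-}
+const SSL_METHOD *method;
 
-if (meth != s->method) {
-if (!SSL_set_ssl_method(s, meth))
-return (0);
-}
+if (session == NULL) {
+SSL_SESSION_free(s->session);
+s->session = NULL;
 
-/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
-CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
-if (s->session != NULL)
-SSL_SESSION_free(s->session);
-s->session = session;
-s->verify_result = s->session->verify_result;
-/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
-ret = 1;
-} else {
-if (s->session != NULL) {
-SSL_SESSION_free(s->session);
-s->session = NULL;
-}
+return SSL_set_ssl_method(s, s->ctx->method);
+}
 
-meth = s->ctx->method;
-if (meth != s->method) {
-if (!SSL_set_ssl_method(s, meth))
-return (0);
-}
-ret = 1;
+if ((method = tls1_get_client_method(session->ssl_version)) == NULL)
+method = dtls1_get_client_method(session->ssl_version);
+if (method == NULL) {
+SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+return (0);
 }
-return (ret);
+
+if (!SSL_set_ssl_method(s, method))
+return (0);
+
+CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+SSL_SESSION_free(s->session);
+s->session = session;
+s->verify_result = s->session->verify_result;
+
+return (1);
 }
 
 size_t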
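Review bot: The new tail of SSL_set_session() depends on `CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION)` running before `SSL_SESSION_free(s->session)`, and nothing in the code says so; when a caller passes the session that is already attached (`session == s->session`), swapping those two lines could release the last reference and leave `s->session` dangling. I would put a comment above the pair, e.g. `/* Take the new reference before releasing the old one; session may be s->session. */`. With the `if (s->session != NULL)` guards removed, both branches also rely on SSL_SESSION_free() accepting NULL, which is presumably the case but is not visible in this hunk. Separately, the lookup through `tls1_get_client_method()`/`dtls1_get_client_method()` would switch a server-side `s` to a client method; the commit message accepts that, but a one-line comment at the lookup would keep the reasoning next to the code.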
