From 826108f8a9b9e1ce5bf0a2ba0f8e70b746a6652f Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 9 Nov 2018 17:43:31 +0000
Subject: Ensure we free the handshake transcript upon session resumption.

Found the hard way by jmc@

ok tb@
---
 src/lib/libssl/ssl_clnt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 5dbda1f2fa..e9e098aa28 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.39 2018/11/09 05:43:39 beck Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.40 2018/11/09 17:43:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -309,6 +309,9 @@ ssl3_connect(SSL *s)
 						/* receive renewed session ticket */
 						S3I(s)->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
 					}
+
+					/* No client certificate verification. */
+					tls1_transcript_free(s);
 				}
 			} else if (SSL_IS_DTLS(s)) {
 				S3I(s)->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
-- 
cgit v1.2.3-55-g6feb