From 0457cfe2c74f9fa05dfdd745fa5292dd986b52d4 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 11 May 2020 17:23:35 +0000
Subject: Use ssl_get_new_session() in the TLSv1.3 server.

This correctly handles session being non-NULL and sets up a few more
things, including ssl_version. Also stop setting the ssl_version to the
server_version, as this is only used on the client side.

ok tb@
---
 src/lib/libssl/tls13_server.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 9616f392e1..1c286f573e 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.43 2020/05/10 17:13:30 tb Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.44 2020/05/11 17:23:35 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -34,10 +34,10 @@ tls13_server_init(struct tls13_ctx *ctx)
 	}
 	s->version = ctx->hs->max_version;
 
-	if (!tls1_transcript_init(s))
+	if (!ssl_get_new_session(s, 0)) /* XXX */
 		return 0;
 
-	if ((s->session = SSL_SESSION_new()) == NULL)
+	if (!tls1_transcript_init(s))
 		return 0;
 
 	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
@@ -262,7 +262,6 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
 		goto err;
 
 	s->session->cipher = S3I(s)->hs.new_cipher;
-	s->session->ssl_version = ctx->hs->server_version;
 
 	if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL)
 		goto err;
-- 
cgit v1.2.3-55-g6feb