Warmcat homepage andy@warmcat.com
libwebsockets
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1753411854, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"53ce42e60d1b39c19ac5448f56b6c2d8", "commit": {"type":"commit", "time": 1531818730, "time_ofs": 60, "oid_tree": { "oid": "385cf0d60d170fb8ae7518923257c44bc7f4f164", "alias": []}, "oid":{ "oid": "84475ccb70da709c9a0035561429a34700b565d9", "alias": []}, "msg": "Don't remove sessions from the cache during PHA in TLSv1.3", "sig_commit": { "git_time": { "time": 1531818730, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }, "sig_author": { "git_time": { "time": 1531749455, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }}, "body": "Don't remove sessions from the cache during PHA in TLSv1.3\n\nIf we issue new tickets due to post-handshake authentication there is no\nreason to remove previous tickets from the cache. The code that did that\nonly removed the last session anyway - so if more than one ticket got\nissued then those other tickets are still valid.\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/6722)\n" , "diff": "diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c\nindex 5c59eb8..01b07a9 100644\n--- a/ssl/statem/statem_srvr.c\n+++ b/ssl/statem/statem_srvr.c\n@@ -3648,8 +3648,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)\n */\n \n if (s-\u003epost_handshake_auth \u003d\u003d SSL_PHA_REQUESTED) {\n- int m \u003d s-\u003esession_ctx-\u003esession_cache_mode;\n-\n if ((new_sess \u003d ssl_session_dup(s-\u003esession, 0)) \u003d\u003d 0) {\n SSLfatal(s, SSL_AD_INTERNAL_ERROR,\n SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,\n@@ -3657,13 +3655,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)\n goto err;\n }\n \n- if (m \u0026 SSL_SESS_CACHE_SERVER) {\n- /*\n- * Remove the old session from the cache. We carry on if this fails\n- */\n- SSL_CTX_remove_session(s-\u003esession_ctx, s-\u003esession);\n- }\n-\n SSL_SESSION_free(s-\u003esession);\n s-\u003esession \u003d new_sess;\n }\n","s":{"c":1753411854,"u": 43642}} ],"g": 45119,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}