diff options
| author | Mike DePaulo <mikedep333@gmail.com> | 2015-01-10 12:26:41 -0500 |
|---|---|---|
| committer | Mike DePaulo <mikedep333@gmail.com> | 2015-01-10 13:07:24 -0500 |
| commit | 4668cbfa14460fbead98ec3a904a58df1f41c4c3 (patch) | |
| tree | 72b1fec2e5bfb8ea8ffad514d923c65e9ef38135 /openssl/ssl/ssl_sess.c | |
| parent | 15915c262c1334282d0ab2a3fdb2c416e91b51cf (diff) | |
| download | vcxsrv-4668cbfa14460fbead98ec3a904a58df1f41c4c3.tar.gz vcxsrv-4668cbfa14460fbead98ec3a904a58df1f41c4c3.tar.bz2 vcxsrv-4668cbfa14460fbead98ec3a904a58df1f41c4c3.zip | |
Update openssl to version openssl-1.0.1k
Conflicts:
openssl/Makefile
Diffstat (limited to 'openssl/ssl/ssl_sess.c')
| -rw-r--r-- | openssl/ssl/ssl_sess.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/openssl/ssl/ssl_sess.c b/openssl/ssl/ssl_sess.c index ad40fadd0..235f92d82 100644 --- a/openssl/ssl/ssl_sess.c +++ b/openssl/ssl/ssl_sess.c @@ -335,7 +335,21 @@ int ssl_get_new_session(SSL *s, int session) return(0); } #ifndef OPENSSL_NO_TLSEXT - /* If RFC4507 ticket use empty session ID */ + /* + * If RFC5077 ticket, use empty session ID (as server). + * Note that: + * (a) ssl_get_prev_session() does lookahead into the + * ClientHello extensions to find the session ticket. + * When ssl_get_prev_session() fails, s3_srvr.c calls + * ssl_get_new_session() in ssl3_get_client_hello(). + * At that point, it has not yet parsed the extensions, + * however, because of the lookahead, it already knows + * whether a ticket is expected or not. + * + * (b) s3_clnt.c calls ssl_get_new_session() before parsing + * ServerHello extensions, and before recording the session + * ID received from the server, so this block is a noop. + */ if (s->tlsext_ticket_expected) { ss->session_id_length = 0; |