author | Joel Sing <jsing@cvs.openbsd.org> | 2020-09-14 18:25:24 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-09-14 18:25:24 +0000 |
commit | 918cc65ccb8a736ea4e71e7d96a3d7e16680c958 (patch) | |
tree | 1490341f7b3a427cd0e9c5d3b084da8942f23ad3 /lib | |
parent | 266b995bd335486e027446bda66b26e97777a3c6 (diff) |
Cleanup and simplify SSL_set_session().
SSL_set_ssl_method() checks to see if the method is already the same, so
we do not need to do this check in three different places. Switch to
dtls1_get_client_method()/tls1_get_client_method() to find the method -
this is a slight change in behaviour, however there is not much point
trying to resume a session on something other than a client.
ok beck@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/ssl_sess.c | 58 |
1 files changed, 22 insertions, 36 deletions
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 3af4cfa79c3..4f9252679aa 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.97 2020/09/02 08:04:06 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.98 2020/09/14 18:25:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -776,45 +776,31 @@ SSL_SESSION_up_ref(SSL_SESSION *ss)
 int
 SSL_set_session(SSL *s, SSL_SESSION *session)
 {
- int ret = 0;
- const SSL_METHOD *meth;
-
- if (session != NULL) {
- meth = s->ctx->method->internal->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- meth = s->method->internal->get_ssl_method(session->ssl_version);
- if (meth == NULL) {
- SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return (0);
- }
+ const SSL_METHOD *method;
- if (meth != s->method) {
- if (!SSL_set_ssl_method(s, meth))
- return (0);
- }
+ if (session == NULL) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
- /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
- CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session = session;
- s->verify_result = s->session->verify_result;
- /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
- ret = 1;
- } else {
- if (s->session != NULL) {
- SSL_SESSION_free(s->session);
- s->session = NULL;
- }
+ return SSL_set_ssl_method(s, s->ctx->method);
+ }
- meth = s->ctx->method;
- if (meth != s->method) {
- if (!SSL_set_ssl_method(s, meth))
- return (0);
- }
- ret = 1;
+ if ((method = tls1_get_client_method(session->ssl_version)) == NULL)
+ method = dtls1_get_client_method(session->ssl_version);
+ if (method == NULL) {
+ SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+ return (0);
 }
- return (ret);
+
+ if (!SSL_set_ssl_method(s, method))
+ return (0);
+
+ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ SSL_SESSION_free(s->session);
+ s->session = session;
+ s->verify_result = s->session->verify_result;
+
+ return (1);
 }
 size_t |
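Review bot: Nothing in the new `SSL_set_session()` body records or enforces that it now assumes a client: the `tls1_get_client_method(session->ssl_version)` / `dtls1_get_client_method(session->ssl_version)` lookup is applied to whatever `SSL *` is passed, so a server-side handle given a non-NULL session would have a client method installed through `SSL_set_ssl_method()`. The commit message mentions the behaviour change, but the code does not; a comment above the lookup such as `/* Sessions are only resumed by clients, so always select a client method. */` would keep the assumption visible to callers and later editors. An explicit rejection of server handles may also be worth considering, since how `SSL_set_ssl_method()` treats a handle whose role does not match the new method is not visible in this hunk. Separately, a one-line comment before `CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);` should say that the reference is taken before `SSL_SESSION_free(s->session)` on purpose, so that passing the session already attached to `s` cannot drop its last reference.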