From c086cce3d3f3c6a1b18c0f4bfab41686532394a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 2 Aug 2013 14:13:02 +0200
Subject: [PATCH] Don't cache empty session ID nor resumed session
---
 library/ssl_srv.c | 1 +
 library/ssl_tls.c | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index faa110ac1..5b421fc94 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1303,6 +1303,7 @@ static int ssl_write_server_hello( ssl_context *ssl )
 */
 if( ssl->handshake->resume == 0 &&
 ssl->renegotiation == SSL_INITIAL_HANDSHAKE &&
+ ssl->session_negotiate->length != 0 &&
 ssl->f_get_cache != NULL &&
 ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )
 {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7e8ff343c..e7902774b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2539,6 +2539,8 @@ static void ssl_calc_finished_tls_sha384(
 void ssl_handshake_wrapup( ssl_context *ssl )
 {
+ int resume = ssl->handshake->resume;
+
 SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
 /*
@@ -2570,9 +2572,13 @@ void ssl_handshake_wrapup( ssl_context *ssl )
 /*
 * Add cache entry
 */
- if( ssl->f_set_cache != NULL )
+ if( ssl->f_set_cache != NULL &&
+ ssl->session->length != 0 &&
+ resume == 0 )
+ {
 if( ssl->f_set_cache( ssl->p_set_cache, ssl->session ) != 0 )
 SSL_DEBUG_MSG( 1, ( "cache did not store session" ) );
+ }
 ssl->state++;
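Review bot: The new `ssl->session_negotiate->length != 0` term in the lookup condition of ssl_write_server_hello has no rationale in the comment above it, and the matching `ssl->session->length != 0` guard in the ssl_tls.c hunk at -2570 sits under a comment that still reads only "Add cache entry". A zero-length ID identifies nothing, so a lookup keyed on it could presumably match any entry stored with an empty ID and resume a session the peer never held; stating that keeps a later cleanup from dropping either check. I would add a line to the existing comment here, such as `* An empty session ID identifies nothing: never look it up.`, and change the other to `* Add cache entry, unless the session was resumed or has no ID`. The comment block and the body of the `if` start and end outside this hunk.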
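Review bot: The local `int resume = ssl->handshake->resume;` added at the top of ssl_handshake_wrapup is read only in the cache block of the following hunk, and nothing says why the flag is copied rather than read in place. Presumably the handshake structure is released in the lines between the two hunks, which are not shown, so reading `ssl->handshake->resume` at the cache block would touch freed memory. If that is the case, a comment such as `/* Saved here: ssl->handshake is gone by the time the cache entry is added */` would stop a later edit from inlining the read. The function body continues outside the hunk.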