authorDaniel Stenberg <daniel@haxx.se>2009-05-04 22:20:09 +0000
committerDaniel Stenberg <daniel@haxx.se>2009-05-04 22:20:09 +0000
commit915dfb494ec0be89724e81af1b050c49d9d13cac (patch)
tree6e7625b339dfe2595bc928bac69d1a99de823860 /lib/gtls.c
parenta16cca768051ae7c2020426fef00bb0ec537477a (diff)
- Inspired by Michael Smith's session id fix for OpenSSL, I did the
corresponding fix in the GnuTLS code: make sure to store the new session id in case the re-used one is rejected.
Diffstat (limited to 'lib/gtls.c')
-rw-r--r--lib/gtls.c33
1 files changed, 26 insertions, 7 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index 70b1b2510..f07854245 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -588,20 +588,39 @@ Curl_gtls_connect(struct connectdata *conn,
conn->ssl[sockindex].state = ssl_connection_complete;
- if(!ssl_sessionid) {
- /* this session was not previously in the cache, add it now */
+ {
+ /* we always unconditionally get the session id here, as even if we
+ already got it from the cache and asked to use it in the connection, it
+ might've been rejected and then a new one is in use now and we need to
+ detect that. */
+ void *connect_sessionid;
+ size_t connect_idsize;
/* get the session ID data size */
- gnutls_session_get_data(session, NULL, &ssl_idsize);
- ssl_sessionid = malloc(ssl_idsize); /* get a buffer for it */
+ gnutls_session_get_data(session, NULL, &connect_idsize);
+ connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
- if(ssl_sessionid) {
+ if(connect_sessionid) {
/* extract session ID to the allocated buffer */
- gnutls_session_get_data(session, ssl_sessionid, &ssl_idsize);
+ gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
+
+ if(ssl_sessionid &&
+ ((connect_idsize != ssl_idsize) ||
+ memcmp(connect_sessionid, ssl_sessionid, ssl_idsize)))
+ /* there was one before in the cache, but without the same size or
+ with different contents so delete the old one */
+ Curl_ssl_delsessionid(conn, ssl_sessionid);
+ else if(ssl_sessionid) {
+ /* it was in the cache and its the same one now, just leave it */
+ free(connect_sessionid);
+ return CURLE_OK;
+ }
+
/* store this session id */
- return Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_idsize);
+ return Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);
}
+
}
return CURLE_OK;
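Review bot: The new block ignores the return value of both `gnutls_session_get_data()` calls and declares `connect_idsize` without an initializer. If the size query fails without writing the length, `malloc(connect_idsize)` runs on an indeterminate value, and the `memcmp` and `Curl_ssl_addsessionid` that follow work on a buffer that was never filled. I would declare `size_t connect_idsize = 0;` and guard the second call with `if(gnutls_session_get_data(session, connect_sessionid, &connect_idsize)) { free(connect_sessionid); return CURLE_OK; }`, so a failed extraction is never compared against or stored in the session cache. Whether GnuTLS can fail here without setting the size is not visible in this hunk and should be confirmed against the library version in use. Curl_gtls_connect starts before the hunk, so the origin of `ssl_sessionid` and `ssl_idsize` is not shown.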