diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2016-06-12 23:47:12 -0400 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2016-06-22 02:33:29 -0400 |
commit | 04b4ee5498b14d320e3b375c64d0162cc2b53c99 (patch) | |
tree | 8b9c10dfced26473f014bd8bcf37296237f35e2a /lib/vtls/gtls.c | |
parent | 046c2c85c4c365d4ae8a621d7886caf96f51e0e7 (diff) |
vtls: Only call add/getsession if session id is enabled
Prior to this change we called Curl_ssl_getsessionid and
Curl_ssl_addsessionid regardless of whether session ID reusing was
enabled. According to comments that is in case session ID reuse was
disabled but then later enabled.
The old way was not intuitive and probably not something users expected.
When a user disables session ID caching I'd guess they don't expect the
session ID to be cached anyway in case the caching is later enabled.
Diffstat (limited to 'lib/vtls/gtls.c')
-rw-r--r-- | lib/vtls/gtls.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index d8b92e348..bd4f67c92 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -370,8 +370,6 @@ gtls_connect_step1(struct connectdata *conn, struct SessionHandle *data = conn->data; gnutls_session_t session; int rc; - void *ssl_sessionid; - size_t ssl_idsize; bool sni = TRUE; /* default is SNI enabled */ #ifdef ENABLE_IPV6 struct in6_addr addr; @@ -749,16 +747,20 @@ gtls_connect_step1(struct connectdata *conn, /* This might be a reconnect, so we check for a session ID in the cache to speed up things */ + if(conn->ssl_config.sessionid) { + void *ssl_sessionid; + size_t ssl_idsize; - Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) { - /* we got a session id, use it! */ - gnutls_session_set_data(session, ssl_sessionid, ssl_idsize); + Curl_ssl_sessionid_lock(conn); + if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) { + /* we got a session id, use it! */ + gnutls_session_set_data(session, ssl_sessionid, ssl_idsize); - /* Informational message */ - infof (data, "SSL re-using session ID\n"); + /* Informational message */ + infof (data, "SSL re-using session ID\n"); + } + Curl_ssl_sessionid_unlock(conn); } - Curl_ssl_sessionid_unlock(conn); return CURLE_OK; } @@ -841,8 +843,6 @@ gtls_connect_step3(struct connectdata *conn, struct SessionHandle *data = conn->data; gnutls_session_t session = conn->ssl[sockindex].session; int rc; - bool incache; - void *ssl_sessionid; #ifdef HAS_ALPN gnutls_datum_t proto; #endif @@ -1270,11 +1270,13 @@ gtls_connect_step3(struct connectdata *conn, conn->recv[sockindex] = gtls_recv; conn->send[sockindex] = gtls_send; - { + if(conn->ssl_config.sessionid) { /* we always unconditionally get the session id here, as even if we already got it from the cache and asked to use it in the connection, it might've been rejected and then a new one is in use now and we need to detect that. */ + bool incache; + void *ssl_sessionid; void *connect_sessionid; size_t connect_idsize = 0; |