aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/polarssl.c
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2016-06-12 23:47:12 -0400
committerJay Satiro <raysatiro@yahoo.com>2016-06-22 02:33:29 -0400
commit04b4ee5498b14d320e3b375c64d0162cc2b53c99 (patch)
tree8b9c10dfced26473f014bd8bcf37296237f35e2a /lib/vtls/polarssl.c
parent046c2c85c4c365d4ae8a621d7886caf96f51e0e7 (diff)
vtls: Only call add/getsession if session id is enabled
Prior to this change we called Curl_ssl_getsessionid and Curl_ssl_addsessionid regardless of whether session ID reusing was enabled. According to comments that is in case session ID reuse was disabled but then later enabled. The old way was not intuitive and probably not something users expected. When a user disables session ID caching I'd guess they don't expect the session ID to be cached anyway in case the caching is later enabled.
Diffstat (limited to 'lib/vtls/polarssl.c')
-rw-r--r--lib/vtls/polarssl.c72
1 files changed, 40 insertions, 32 deletions
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 14a098b39..25d9d1678 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -150,7 +150,6 @@ polarssl_connect_step1(struct connectdata *conn,
#else
struct in_addr addr;
#endif
- void *old_session = NULL;
char errorbuf[128];
errorbuf[0]=0;
@@ -337,15 +336,21 @@ polarssl_connect_step1(struct connectdata *conn,
net_send, &conn->sock[sockindex]);
ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &old_session, NULL)) {
- ret = ssl_set_session(&connssl->ssl, old_session);
- Curl_ssl_sessionid_unlock(conn);
- if(ret) {
- failf(data, "ssl_set_session returned -0x%x", -ret);
- return CURLE_SSL_CONNECT_ERROR;
+
+ /* Check if there's a cached ID we can/should use here! */
+ if(conn->ssl_config.sessionid) {
+ void *old_session = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &old_session, NULL)) {
+ ret = ssl_set_session(&connssl->ssl, old_session);
+ Curl_ssl_sessionid_unlock(conn);
+ if(ret) {
+ failf(data, "ssl_set_session returned -0x%x", -ret);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ infof(data, "PolarSSL re-using session\n");
}
- infof(data, "PolarSSL re-using session\n");
}
ssl_set_ca_chain(&connssl->ssl,
@@ -555,35 +560,38 @@ polarssl_connect_step3(struct connectdata *conn,
CURLcode retcode = CURLE_OK;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct SessionHandle *data = conn->data;
- void *old_ssl_sessionid = NULL;
- ssl_session *our_ssl_sessionid;
- int ret;
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
- our_ssl_sessionid = malloc(sizeof(ssl_session));
- if(!our_ssl_sessionid)
- return CURLE_OUT_OF_MEMORY;
+ if(conn->ssl_config.sessionid) {
+ int ret;
+ ssl_session *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
- ssl_session_init(our_ssl_sessionid);
+ our_ssl_sessionid = malloc(sizeof(ssl_session));
+ if(!our_ssl_sessionid)
+ return CURLE_OUT_OF_MEMORY;
- ret = ssl_get_session(&connssl->ssl, our_ssl_sessionid);
- if(ret) {
- failf(data, "ssl_get_session returned -0x%x", -ret);
- return CURLE_SSL_CONNECT_ERROR;
- }
+ ssl_session_init(our_ssl_sessionid);
- /* If there's already a matching session in the cache, delete it */
- Curl_ssl_sessionid_lock(conn);
- if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL))
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
-
- retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0);
- Curl_ssl_sessionid_unlock(conn);
- if(retcode) {
- free(our_ssl_sessionid);
- failf(data, "failed to store ssl session");
- return retcode;
+ ret = ssl_get_session(&connssl->ssl, our_ssl_sessionid);
+ if(ret) {
+ failf(data, "ssl_get_session returned -0x%x", -ret);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* If there's already a matching session in the cache, delete it */
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL))
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+
+ retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0);
+ Curl_ssl_sessionid_unlock(conn);
+ if(retcode) {
+ free(our_ssl_sessionid);
+ failf(data, "failed to store ssl session");
+ return retcode;
+ }
}
connssl->connecting_state = ssl_connect_done;