aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2009-05-04 22:20:09 +0000
committerDaniel Stenberg <daniel@haxx.se>2009-05-04 22:20:09 +0000
commit915dfb494ec0be89724e81af1b050c49d9d13cac (patch)
tree6e7625b339dfe2595bc928bac69d1a99de823860 /lib
parenta16cca768051ae7c2020426fef00bb0ec537477a (diff)
- Inspired by Michael Smith's session id fix for OpenSSL, I did the
corresponding fix in the GnuTLS code: make sure to store the new session id in case the re-used one is rejected.
Diffstat (limited to 'lib')
-rw-r--r--lib/gtls.c33
1 files changed, 26 insertions, 7 deletions
diff --git a/lib/gtls.c b/lib/gtls.c
index 70b1b2510..f07854245 100644
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -588,20 +588,39 @@ Curl_gtls_connect(struct connectdata *conn,
conn->ssl[sockindex].state = ssl_connection_complete;
- if(!ssl_sessionid) {
- /* this session was not previously in the cache, add it now */
+ {
+ /* we always unconditionally get the session id here, as even if we
+ already got it from the cache and asked to use it in the connection, it
+ might've been rejected and then a new one is in use now and we need to
+ detect that. */
+ void *connect_sessionid;
+ size_t connect_idsize;
/* get the session ID data size */
- gnutls_session_get_data(session, NULL, &ssl_idsize);
- ssl_sessionid = malloc(ssl_idsize); /* get a buffer for it */
+ gnutls_session_get_data(session, NULL, &connect_idsize);
+ connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
- if(ssl_sessionid) {
+ if(connect_sessionid) {
/* extract session ID to the allocated buffer */
- gnutls_session_get_data(session, ssl_sessionid, &ssl_idsize);
+ gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
+
+ if(ssl_sessionid &&
+ ((connect_idsize != ssl_idsize) ||
+ memcmp(connect_sessionid, ssl_sessionid, ssl_idsize)))
+ /* there was one before in the cache, but without the same size or
+ with different contents so delete the old one */
+ Curl_ssl_delsessionid(conn, ssl_sessionid);
+ else if(ssl_sessionid) {
+ /* it was in the cache and its the same one now, just leave it */
+ free(connect_sessionid);
+ return CURLE_OK;
+ }
+
/* store this session id */
- return Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_idsize);
+ return Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);
}
+
}
return CURLE_OK;