Remove session checks from SSL_clear()

We now allow a different protocol version when reusing a session so we can unconditionally reset the SSL_METHOD if it has changed. Reviewed-by: N Ben Kaduk <kaduk@mit.edu> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)

Remove session checks from SSL_clear()
We now allow a different protocol version when reusing a session so we can unconditionally reset the SSL_METHOD if it has changed. Reviewed-by: N Ben Kaduk <kaduk@mit.edu> Reviewed-by: N Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3954)
24252537 · Matt Caswell · e11b6aa4 · 24252537
隐藏空白更改
内联并排

Showing with 2 addition and 5 deletion

ssl/ssl_lib.c ssl/ssl_lib.c +2 -5

未找到文件。
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -566,12 +566,9 @@ int SSL_clear(SSL *s)

    /*
     * Check to see if we were changed into a different method, if so, revert
-     * back. We always do this in TLSv1.3. Below that we only do it if we are
-     * not doing session-id reuse.
+     * back.
     */
-    if (s->method != s->ctx->method
-            && (SSL_IS_TLS13(s)
-                || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
+    if (s->method != s->ctx->method) {
        s->method->ssl_free(s);
        s->method = s->ctx->method;
        if (!s->method->ssl_new(s))