diff --git a/CHANGES b/CHANGES index 5ad229b9e8e27f86168bd035d270af04da4a4551..e17a661e911cf93e5807826382369cfc2c6bc1c3 100644 --- a/CHANGES +++ b/CHANGES @@ -13,6 +13,11 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) Do not store session data into the internal session cache, if it + is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP + flag is set). Proposed by Aslam . + [Lutz Jaenicke] + +) Support for crypto accelerator cards from Accelerated Encryption Processing, www.aep.ie. (Use engine 'aep') The support was copied from 0.9.6c [engine] and adapted/corrected diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 49e22bf7fcb8f75704009089afeecd8d51283f8f..1195171a577d7023afd8625ad2336d5a935b7497 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1646,9 +1646,10 @@ void ssl_update_cache(SSL *s,int mode) * and it would be rather hard to do anyway :-) */ if (s->session->session_id_length == 0) return; - if ((s->ctx->session_cache_mode & mode) - && (!s->hit) - && SSL_CTX_add_session(s->ctx,s->session) + i=s->ctx->session_cache_mode; + if ((i & mode) && (!s->hit) + && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) + || SSL_CTX_add_session(s->ctx,s->session)) && (s->ctx->new_session_cb != NULL)) { CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); @@ -1657,7 +1658,6 @@ void ssl_update_cache(SSL *s,int mode) } /* auto flush every 255 connections */ - i=s->ctx->session_cache_mode; if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {