diff options
author | David Benjamin <davidben@google.com> | 2021-05-10 15:57:45 -0400 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2021-05-13 16:37:52 +0000 |
commit | 71a3b826636eee85c20f064ef318f0935416a479 (patch) | |
tree | 551c4ff13d7948bcb8abfde155b20e351397896a /ssl/ssl_session.cc | |
parent | 6ff942985389b9b64b944b98ab3e8a66e1eb436d (diff) | |
download | boringssl-71a3b826636eee85c20f064ef318f0935416a479.zip boringssl-71a3b826636eee85c20f064ef318f0935416a479.tar.gz boringssl-71a3b826636eee85c20f064ef318f0935416a479.tar.bz2 |
Check for resumption identifiers in SSL_SESSION_is_resumable.
This aligns with OpenSSL. In particular, we clear not_resumable as soon
as the SSL_SESSION is complete, but it may not have an ID or ticket.
(Due to APIs like SSL_get_session, SSL_SESSION needs to act both as a
resumption handle and a bundle of connection properties.)
Along the way, use the modified function in a few internal checks which,
with the ssl_update_cache change, removes the last dependency within the
library on the placeholder SHA256 IDs.
Change-Id: Ic225109ff31ec63ec08625e9f61a20cf0d9dd648
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47447
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/ssl_session.cc')
-rw-r--r-- | ssl/ssl_session.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc index 41df63f..a52ec3d 100644 --- a/ssl/ssl_session.cc +++ b/ssl/ssl_session.cc @@ -1004,7 +1004,8 @@ int SSL_SESSION_should_be_single_use(const SSL_SESSION *session) { } int SSL_SESSION_is_resumable(const SSL_SESSION *session) { - return !session->not_resumable; + return !session->not_resumable && + (session->session_id_length != 0 || !session->ticket.empty()); } int SSL_SESSION_has_ticket(const SSL_SESSION *session) { |