mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
d316cdcf6d
The sid_ctx is something of a "certificate request context" or a "session ID context" -- something from the application that gives extra indication of what sort of thing this session is/was for/from. Without a sid_ctx, we only know that there is a session that we issued, but it could have come from a number of things, especially with an external (shared) session cache. Accordingly, when resuming, we will hard-error the handshake when presented with a session with zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no information about the peer to verify, so the verification must fail. In order to prevent these future handshake failures, proactively decline to add the problematic sessions to the session cache. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5175) |
||
|---|---|---|
| .. | ||
| record | ||
| statem | ||
| bio_ssl.c | ||
| build.info | ||
| d1_lib.c | ||
| d1_msg.c | ||
| d1_srtp.c | ||
| methods.c | ||
| packet_locl.h | ||
| packet.c | ||
| pqueue.c | ||
| s3_cbc.c | ||
| s3_enc.c | ||
| s3_lib.c | ||
| s3_msg.c | ||
| ssl_asn1.c | ||
| ssl_cert_table.h | ||
| ssl_cert.c | ||
| ssl_ciph.c | ||
| ssl_conf.c | ||
| ssl_err.c | ||
| ssl_init.c | ||
| ssl_lib.c | ||
| ssl_locl.h | ||
| ssl_mcnf.c | ||
| ssl_rsa.c | ||
| ssl_sess.c | ||
| ssl_stat.c | ||
| ssl_txt.c | ||
| ssl_utst.c | ||
| t1_enc.c | ||
| t1_lib.c | ||
| t1_trce.c | ||
| tls13_enc.c | ||
| tls_srp.c | ||