|
|
@@ -1805,35 +1805,34 @@ void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k, |
|
|
|
*out_mask_a = mask_a; |
|
|
|
} |
|
|
|
|
|
|
|
void ssl_update_cache(SSL *s, int mode) { |
|
|
|
void ssl_update_cache(SSL *ssl, int mode) { |
|
|
|
SSL_CTX *ctx = ssl->initial_ctx; |
|
|
|
/* Never cache sessions with empty session IDs. */ |
|
|
|
if (s->session->session_id_length == 0) { |
|
|
|
if (ssl->session->session_id_length == 0 || |
|
|
|
(ctx->session_cache_mode & mode) != mode) { |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
int has_new_session = !s->hit; |
|
|
|
if (!s->server && s->tlsext_ticket_expected) { |
|
|
|
/* A client may see new sessions on abbreviated handshakes if the server |
|
|
|
* decides to renew the ticket. Once the handshake is completed, it should |
|
|
|
* be inserted into the cache. */ |
|
|
|
has_new_session = 1; |
|
|
|
} |
|
|
|
/* Clients never use the internal session cache. */ |
|
|
|
int use_internal_cache = ssl->server && !(ctx->session_cache_mode & |
|
|
|
SSL_SESS_CACHE_NO_INTERNAL_STORE); |
|
|
|
|
|
|
|
SSL_CTX *ctx = s->initial_ctx; |
|
|
|
if ((ctx->session_cache_mode & mode) == mode && has_new_session && |
|
|
|
((ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) || |
|
|
|
SSL_CTX_add_session(ctx, s->session)) && |
|
|
|
ctx->new_session_cb != NULL) { |
|
|
|
/* Note: |new_session_cb| is called whether the internal session cache is |
|
|
|
* used or not. */ |
|
|
|
if (!ctx->new_session_cb(s, SSL_SESSION_up_ref(s->session))) { |
|
|
|
SSL_SESSION_free(s->session); |
|
|
|
/* A client may see new sessions on abbreviated handshakes if the server |
|
|
|
* decides to renew the ticket. Once the handshake is completed, it should be |
|
|
|
* inserted into the cache. */ |
|
|
|
if (!ssl->hit || (!ssl->server && ssl->tlsext_ticket_expected)) { |
|
|
|
if (use_internal_cache) { |
|
|
|
SSL_CTX_add_session(ctx, ssl->session); |
|
|
|
} |
|
|
|
if (ctx->new_session_cb != NULL && |
|
|
|
!ctx->new_session_cb(ssl, SSL_SESSION_up_ref(ssl->session))) { |
|
|
|
/* |new_session_cb|'s return value signals whether it took ownership. */ |
|
|
|
SSL_SESSION_free(ssl->session); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (!(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) && |
|
|
|
!(ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) && |
|
|
|
(ctx->session_cache_mode & mode) == mode) { |
|
|
|
if (use_internal_cache && |
|
|
|
!(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) { |
|
|
|
/* Automatically flush the internal session cache every 255 connections. */ |
|
|
|
int flush_cache = 0; |
|
|
|
CRYPTO_MUTEX_lock_write(&ctx->lock); |
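Review bot: The new `SSL_CTX_add_session(ctx, ssl->session);` call discards its return value, whereas the removed condition only reached `new_session_cb` when the insert succeeded or `SSL_SESS_CACHE_NO_INTERNAL_STORE` was set. On a server, a failed internal insert no longer suppresses the callback, so an external cache can be handed a session that the internal cache did not accept. If that is deliberate, say so at the call site, for example `/* The result is ignored: |new_session_cb| runs whether or not the internal insert succeeded. */`. The retained comment `/* Never cache sessions with empty session IDs. */` now sits above a condition that also returns on a `mode` mismatch, so it should mention both cases. The body of `ssl_update_cache` continues past the end of this hunk, so the flush logic after `CRYPTO_MUTEX_lock_write` is not reviewed here.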
|
|
|