Remove the SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED sanity check.
While the sanity check isn't insane (one should arrange for sessions to be invalidated once client auth settings change, and a sid_ctx is one way to do it), this check lives in a poor place to enforce configuration mistakes. To be effective, it needs to happen at the start of the handshake, independent of the ClientHello from the peer. But the benefit this check gives is low compared to the trouble it will be to continually maintain this difference from OpenSSL (our own ssl_test and bssl_shim forget to set a dummy sid_ctx). Instead, remove it so we don't have to duplicate it across TLS 1.2 and TLS 1.3. Also so we don't have weird failures which only manifest once a resuming client connects. Change-Id: Ia7f88711701afde5e26b7782c2264ce78dccc89b Reviewed-on: https://boringssl-review.googlesource.com/9112 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
parent
057b678dca
commit
56d280da2f
@ -669,20 +669,6 @@ enum ssl_session_result_t ssl_get_prev_session(
|
||||
goto no_session;
|
||||
}
|
||||
|
||||
if ((ssl->verify_mode & SSL_VERIFY_PEER) && ssl->sid_ctx_length == 0) {
|
||||
/* We can't be sure if this session is being used out of context, which is
|
||||
* especially important for SSL_VERIFY_PEER. The application should have
|
||||
* used SSL[_CTX]_set_session_id_context.
|
||||
*
|
||||
* For this error case, we generate an error instead of treating the event
|
||||
* like a cache miss (otherwise it would be easy for applications to
|
||||
* effectively disable the session cache by accident without anyone
|
||||
* noticing). */
|
||||
OPENSSL_PUT_ERROR(SSL, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
|
||||
SSL_SESSION_free(session);
|
||||
return ssl_session_error;
|
||||
}
|
||||
|
||||
struct timeval now;
|
||||
ssl_get_current_time(ssl, &now);
|
||||
if (session->timeout < (long)now.tv_sec - session->time) {
|
||||
|
Loading…
Reference in New Issue
Block a user