1269ddd377
The internal session cache is keyed on session ID, so this is completely useless for clients (indeed we never look it up internally). Along the way, tidy up ssl_update_cache to be more readable. The slight behavior change is that SSL_CTX_add_session's return code no longer controls the external callback. It's not clear to me what that could have accomplished. (It can only fail on allocation error. We only call it for new sessions, so the duplicate case is impossible.) The one thing of value the internal cache might have provided is managing the timeout. The SSL_CTX_flush_sessions logic would flip the not_resumable bit and cause us not to offer expired sessions (modulo SSL_CTX_flush_sessions's delay and any discrepancies between the two caches). Instead, just check expiration when deciding whether or not to offer a session. This way clients that set SSL_SESS_CACHE_CLIENT blindly don't accidentally consume gobs of memory. BUG=531194 Change-Id: If97485beab21874f37737edc44df24e61ce23705 Reviewed-on: https://boringssl-review.googlesource.com/6321 Reviewed-by: Adam Langley <alangley@gmail.com> |
||
|---|---|---|
| .. | ||
| openssl | ||