boringssl/ssl
David Benjamin 4b27d9f8bd Never resume sessions on renegotiations.
This cuts down on one config knob as well as one case in the renego
combinatorial explosion. Since the only case we care about with renego
is the client auth hack, there's no reason to ever do resumption.
Especially since, no matter what's in the session cache:

- OpenSSL will only ever offer the session it just established,
  whether or not a newer one with client auth was since established.

- Chrome will never cache sessions created on a renegotiation, so
  such a session would never make it to the session cache.

- The new_session + SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
  logic had a bug where it would unconditionally never offer tickets
  (but would advertise support) on renego, so any server doing renego
  resumption against an OpenSSL-derived client must not support
  session tickets.

This also gets rid of s->new_session which is now pointless.

BUG=429450

Change-Id: I884bdcdc80bff45935b2c429b4bbc9c16b2288f8
Reviewed-on: https://boringssl-review.googlesource.com/4732
Reviewed-by: Adam Langley <agl@google.com>
2015-05-14 22:53:21 +00:00
pqueue Fix memory leak in pqueue_test. 2015-02-11 23:18:45 +00:00
test Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
CMakeLists.txt Document everything in ssl_ciph.c, now ssl_cipher.c. 2015-04-13 22:06:55 +00:00
d1_both.c Promote max_cert_list and max_send_fragment to functions. 2015-05-06 22:14:07 +00:00
d1_clnt.c Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
d1_lib.c Remove OPENSSL_timeval. 2015-05-08 18:03:07 +00:00
d1_meth.c Promote all dtls1_ctrl hooks to functions. 2015-05-06 22:11:05 +00:00
d1_pkt.c Remove redundant setup buffer calls. 2015-05-11 21:31:59 +00:00
d1_srtp.c Fix STACK_OF pointer style. 2015-05-06 22:55:16 +00:00
d1_srvr.c Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
internal.h Remove redundant setup buffer calls. 2015-05-11 21:31:59 +00:00
s3_both.c Remove redundant setup buffer calls. 2015-05-11 21:31:59 +00:00
s3_clnt.c Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
s3_enc.c Remove unnecessary NULL checks, part 5. 2015-05-04 23:16:19 +00:00
s3_lib.c Switch EVP_PKEY_dup calls to EVP_PKEY_up_ref. 2015-05-06 22:57:09 +00:00
s3_meth.c Promote all SSL callback ctrl hooks to proper functions. 2015-05-06 22:10:47 +00:00
s3_pkt.c Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
s3_srvr.c Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
ssl_algs.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
ssl_asn1.c Remove unnecessary NULL checks, part 5. 2015-05-04 23:16:19 +00:00
ssl_cert.c Switch EVP_PKEY_dup calls to EVP_PKEY_up_ref. 2015-05-06 22:57:09 +00:00
ssl_cipher.c Remove dead field from CIPHER_ORDER. 2015-05-06 22:36:31 +00:00
ssl_lib.c Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
ssl_rsa.c Switch EVP_PKEY_dup calls to EVP_PKEY_up_ref. 2015-05-06 22:57:09 +00:00
ssl_sess.c Fix STACK_OF pointer style. 2015-05-06 22:55:16 +00:00
ssl_stat.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
ssl_test.cc Revert "Temporarily break a handful of tests." 2015-05-04 20:21:32 -04:00
ssl_txt.c Rename ssl_locl.h to internal.h 2015-04-10 22:14:09 +00:00
t1_enc.c Get rid of ssl_undefined_* 2015-05-06 22:56:02 +00:00
t1_lib.c Never resume sessions on renegotiations. 2015-05-14 22:53:21 +00:00
t1_reneg.c Include-what-you-use ssl/internal.h. 2015-04-10 22:15:02 +00:00