boringssl

History

David Benjamin ba4594aee6 Don't put sessions from renegotiations in the cache. Rather than rely on Chromium to query SSL_initial_handshake_complete in the callback (which didn't work anyway because the callback is called afterwards), move the logic into BoringSSL. BoringSSL already enforces that clients never offer resumptions on renegotiation (it wouldn't work well anyway as client session cache lookup is external), so it's reasonable to also implement in-library that sessions established on a renegotiation are not cached. Add a bunch of tests that new_session_cb is called when expected. BUG=501418 Change-Id: I42d44c82b043af72b60a0f8fdb57799e20f13ed5 Reviewed-on: https://boringssl-review.googlesource.com/5171 Reviewed-by: Adam Langley <agl@google.com>	2015-06-18 23:40:51 +00:00
..
openssl	Don't put sessions from renegotiations in the cache.	2015-06-18 23:40:51 +00:00

David Benjamin ba4594aee6 Don't put sessions from renegotiations in the cache.

Rather than rely on Chromium to query SSL_initial_handshake_complete in the
callback (which didn't work anyway because the callback is called afterwards),
move the logic into BoringSSL. BoringSSL already enforces that clients never
offer resumptions on renegotiation (it wouldn't work well anyway as client
session cache lookup is external), so it's reasonable to also implement
in-library that sessions established on a renegotiation are not cached.

Add a bunch of tests that new_session_cb is called when expected.

BUG=501418

Change-Id: I42d44c82b043af72b60a0f8fdb57799e20f13ed5
Reviewed-on: https://boringssl-review.googlesource.com/5171
Reviewed-by: Adam Langley <agl@google.com>

2015-06-18 23:40:51 +00:00

openssl

Don't put sessions from renegotiations in the cache.

2015-06-18 23:40:51 +00:00