[Pkg-openssl-changes] r340 - in openssl/trunk: debian ssl

[kroeckx at alioth.debian.org]

Author: kroeckx
Date: 2008-08-03 17:48:59 +0000 (Sun, 03 Aug 2008)
New Revision: 340

Modified:
   openssl/trunk/debian/changelog
   openssl/trunk/ssl/s3_srvr.c
Log:
Fix a problem with tlsext preventing firefox 3 from connection.
Patch from upstream CVS and part of 0.9.8h.  (Closes: #492758)


Modified: openssl/trunk/debian/changelog
===================================================================
--- openssl/trunk/debian/changelog	2008-07-22 14:20:21 UTC (rev 339)
+++ openssl/trunk/debian/changelog	2008-08-03 17:48:59 UTC (rev 340)
@@ -1,3 +1,11 @@
+openssl (0.9.8g-13) unstable; urgency=low
+
+  * Fix a problem with tlsext preventing firefox 3 from connection.
+    Patch from upstream CVS and part of 0.9.8h.
+    (Closes: #492758)
+
+ -- Kurt Roeckx <kurt at roeckx.be>  Sun, 03 Aug 2008 19:47:10 +0200
+
 openssl (0.9.8g-12) unstable; urgency=low
 
   * add the changelog of the 10.1 NMU to make bugtracking happy

Modified: openssl/trunk/ssl/s3_srvr.c
===================================================================
--- openssl/trunk/ssl/s3_srvr.c	2008-07-22 14:20:21 UTC (rev 339)
+++ openssl/trunk/ssl/s3_srvr.c	2008-08-03 17:48:59 UTC (rev 340)
@@ -1093,8 +1093,16 @@
 		 * session-id if we want it to be single use.
 		 * Currently I will not implement the '0' length session-id
 		 * 12-Jan-98 - I'll now support the '0' length stuff.
+		 *
+		 * We also have an additional case where stateless session
+		 * resumption is successful: we always send back the old
+		 * session id. In this case s->hit is non zero: this can
+		 * only happen if stateless session resumption is succesful
+		 * if session caching is disabled so existing functionality
+		 * is unaffected.
 		 */
-		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+			&& !s->hit)
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;