Curl_ssl_getsessionid: fail if no session cache exists

This function might get called for an easy handle for which the session
cache hasn't been setup. It now just returns a "miss" in that case.

Reported-by: Christoph M. Becker
Fixes #7148
Closes #7153

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 65f4f773dd63b112fd1f7ec23d0fc2e1538cb244..1e6272b9f2d817ca92bc92bec6fb0d6d3c4d229d 100644 (file)
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -407,8 +407,9 @@ bool Curl_ssl_getsessionid(struct Curl_easy *data,
 
   DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
 
-  if(!SSL_SET_OPTION(primary.sessionid))
-    /* session ID re-use is disabled */
+  if(!SSL_SET_OPTION(primary.sessionid) || !data->state.session)
+    /* session ID re-use is disabled or the session cache has not been
+       setup */
     return TRUE;
 
   /* Lock if shared */