From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 31 May 2021 13:29:03 +0000 (+0200)
Subject: Curl_ssl_getsessionid: fail if no session cache exists
X-Git-Tag: curl-7_78_0~239
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=894c74738f620fa02d1532c2186c5060fbad7e05;p=thirdparty%2Fcurl.git

Curl_ssl_getsessionid: fail if no session cache exists

This function might get called for an easy handle for which the session
cache hasn't been setup. It now just returns a "miss" in that case.

Reported-by: Christoph M. Becker
Fixes #7148
Closes #7153
---

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 65f4f773dd..1e6272b9f2 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -407,8 +407,9 @@ bool Curl_ssl_getsessionid(struct Curl_easy *data,
 
   DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
 
-  if(!SSL_SET_OPTION(primary.sessionid))
-    /* session ID re-use is disabled */
+  if(!SSL_SET_OPTION(primary.sessionid) || !data->state.session)
+    /* session ID re-use is disabled or the session cache has not been
+       setup */
     return TRUE;
 
   /* Lock if shared */