From: Matt Caswell <matt@openssl.org>
Date: Thu, 15 Mar 2018 21:02:15 +0000 (+0000)
Subject: Don't update the session cache when processing a client certificate in TLSv1.3
X-Git-Tag: OpenSSL_1_1_1-pre3~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f023ba2df821d186d73fefda6fa5cafcc5a3ee39;p=thirdparty%2Fopenssl.git

Don't update the session cache when processing a client certificate in TLSv1.3

We should only update the session cache when we issue a NewSessionTicket.
These are issued automatically after processing a client certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)
---

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 5542a78e21..c198aa7246 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3608,9 +3608,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
     sk_X509_pop_free(s->session->peer_chain, X509_free);
     s->session->peer_chain = sk;
 
-    if (new_sess != NULL)
-        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
     /*
      * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
      * message