Remove session checks from SSL_clear()

We now allow a different protocol version when reusing a session so we can
unconditionally reset the SSL_METHOD if it has changed.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3954)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d02e2816b4bb994560d0626472866d95e0143939..be15daad866edf44de2ee4295afa8b5cbcf85b3b 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -566,12 +566,9 @@ int SSL_clear(SSL *s)
 
     /*
      * Check to see if we were changed into a different method, if so, revert
-     * back. We always do this in TLSv1.3. Below that we only do it if we are
-     * not doing session-id reuse.
+     * back.
      */
-    if (s->method != s->ctx->method
-            && (SSL_IS_TLS13(s)
-                || (!ossl_statem_get_in_handshake(s) && s->session == NULL))) {
+    if (s->method != s->ctx->method) {
         s->method->ssl_free(s);
         s->method = s->ctx->method;
         if (!s->method->ssl_new(s))