From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Mon, 13 Oct 2025 23:59:04 +0000 (+0800)
Subject: apps/s_time: reset reused SSL with SSL_clear in doConnection
X-Git-Tag: 3.0-PRE-CLANG-FORMAT-WEBKIT~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=93c65481009209ce7f9d400e7954af47fbda65d6;p=thirdparty%2Fopenssl.git

apps/s_time: reset reused SSL with SSL_clear in doConnection

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28911)

(cherry picked from commit 6f6948b21503d0ef8bea3ea6321c40dbbf4e5c9c)
(cherry picked from commit 79e0c5a13e4c6421eeddfcc4bd01a3b06f4c6394)
(cherry picked from commit 81dcb0ef916a2aeeb15dbc0002ce49d143c709ce)
(cherry picked from commit 73c7dea574b55ccf3a94409fd81a170e11920c16)
(cherry picked from commit 13c751dd424b651513e10933f092818ba0b6445f)
(cherry picked from commit 4791829e865e0ca30f38cbb6c86d85ce6be36897)
---

diff --git a/apps/s_time.c b/apps/s_time.c
index b7761915626..4145473aaa7 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -437,6 +437,16 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
         }
     } else {
         serverCon = scon;
+        /*
+         * Reset the SSL object before reusing it for a new connection.
+         * This clears prior handshake and I/O state while keeping
+         * configuration inherited from the SSL_CTX.
+         */
+        if (!SSL_clear(serverCon)) {
+            ERR_print_errors(bio_err);
+            BIO_free(conn);
+            return NULL;
+        }
         SSL_set_connect_state(serverCon);
     }