From: Nikos Mavrogiannopoulos Date: Wed, 28 Oct 2009 08:44:18 +0000 (+0200) Subject: When resuming a session do not overwrite the initial session data with resumed X-Git-Tag: gnutls_2_9_8~36 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6b4c3dc567fb1435c8392ec2160fdffc236f6b37;p=thirdparty%2Fgnutls.git When resuming a session do not overwrite the initial session data with resumed session data. Discovered on discussion at help-gnutls with Sebastien Decugis. --- diff --git a/NEWS b/NEWS index 223066e4c0..644c2e9424 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,9 @@ See the end for copying conditions. * Version 2.9.8 (unreleased) +** libgnutls: In server side when resuming a session do not overwrite the +initial session data with the resumed session data. + ** libgnutls: Added support for AES-128,AES-192 and AES-256 in PKCS #8 encryption. This affects also PKCS #12 encoded files. diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 4183122f9d..7423f2737c 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2841,6 +2841,13 @@ _gnutls_handshake_common (gnutls_session_t session) ret = _gnutls_send_handshake_final (session, FALSE); IMED_RET ("send handshake final", ret, 0); + + /* only store if we are not resuming */ + if (session->security_parameters.entity == GNUTLS_SERVER) + { + /* in order to support session resuming */ + _gnutls_server_register_current_session (session); + } } else { /* if we are a client not resuming - or we are a server resuming */ @@ -2867,14 +2874,10 @@ _gnutls_handshake_common (gnutls_session_t session) ret = _gnutls_recv_handshake_final (session, FALSE); IMED_RET ("recv handshake final 2", ret, 1); - } - if (session->security_parameters.entity == GNUTLS_SERVER) - { - /* in order to support session resuming */ - _gnutls_server_register_current_session (session); } + /* clear handshake buffer */ _gnutls_handshake_hash_buffers_clear (session); return ret;