From: Ondřej Surý Date: Wed, 7 Aug 2024 12:58:02 +0000 (+0200) Subject: Disassociate the SSL object from the cached SSL_SESSION X-Git-Tag: v9.21.0~11^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c11b736e44a5f637eff9babcd65cc2958f52e7ce;p=thirdparty%2Fbind9.git Disassociate the SSL object from the cached SSL_SESSION When the SSL object was destroyed, it would invalidate all SSL_SESSION objects including the cached, but not yet used, TLS session objects. Properly disassociate the SSL object from the SSL_SESSION before we store it in the TLS session cache, so we can later destroy it without invalidating the cached TLS sessions. Co-authored-by: Ondřej Surý Co-authored-by: Artem Boldariev Co-authored-by: Aram Sargsyan --- diff --git a/lib/isc/tls.c b/lib/isc/tls.c index 825ceb4aa49..f496410e9ba 100644 --- a/lib/isc/tls.c +++ b/lib/isc/tls.c @@ -1497,6 +1497,8 @@ isc_tlsctx_client_session_cache_keep(isc_tlsctx_client_session_cache_t *cache, return; } + SSL_set_session(tls, NULL); + isc_mutex_lock(&cache->lock); name_len = strlen(remote_peer_name);
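Review bot: the added SSL_set_session(tls, NULL) ahead of isc_mutex_lock(&cache->lock) carries no comment and discards its return value. The reason for the call is given only in the commit message (destroying the SSL object would otherwise invalidate the cached session), so a short comment above the line would keep a later cleanup from dropping it as redundant. SSL_set_session() returns 0 on failure, so either check the result or cast it to (void) to show it is ignored on purpose. The call also changes the caller's tls object as a side effect of a function named isc_tlsctx_client_session_cache_keep(), which is worth stating in that function's documentation. The hunk does not show where the SSL_SESSION being cached is obtained; since passing NULL makes OpenSSL call SSL_SESSION_free() on the session currently set in the SSL object, please confirm that the cache already holds its own reference before this line runs.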