From 6f6948b21503d0ef8bea3ea6321c40dbbf4e5c9c Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 14 Oct 2025 07:59:04 +0800
Subject: [PATCH] apps/s_time: reset reused SSL with SSL_clear in doConnection
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/28911)
---
 apps/s_time.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apps/s_time.c b/apps/s_time.c
index 598e1069ed0..19d68ad2a89 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -435,6 +435,16 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
         }
     } else {
         serverCon = scon;
+        /*
+         * Reset the SSL object before reusing it for a new connection.
+         * This clears prior handshake and I/O state while keeping
+         * configuration inherited from the SSL_CTX.
+         */
+        if (!SSL_clear(serverCon)) {
+            ERR_print_errors(bio_err);
+            BIO_free(conn);
+            return NULL;
+        }
         SSL_set_connect_state(serverCon);
     }
 
-- 
2.47.3