Disassociate the SSL object from the cached SSL_SESSION

When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.

Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions.

Co-authored-by: Ondřej Surý <ondrej@isc.org>
Co-authored-by: Artem Boldariev <artem@isc.org>
Co-authored-by: Aram Sargsyan <aram@isc.org>
(cherry picked from commit c11b736e44a5f637eff9babcd65cc2958f52e7ce)

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index e2cd63eeb04387656431b28c77681e9b4c4ef584..15497c0ebafda04684b3f381db2ab70ef6babbaa 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -1543,6 +1543,8 @@ isc_tlsctx_client_session_cache_keep(isc_tlsctx_client_session_cache_t *cache,
                return;
        }
 
+       SSL_set_session(tls, NULL);
+
        isc_mutex_lock(&cache->lock);
 
        name_len = strlen(remote_peer_name);