git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Disassociate the SSL object from the cached SSL_SESSION
author Ondřej Surý <ondrej@isc.org>
Wed, 7 Aug 2024 12:58:02 +0000 (14:58 +0200)
committer Ondřej Surý <ondrej@isc.org>
Wed, 7 Aug 2024 15:25:29 +0000 (15:25 +0000)
When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.

Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions.

Co-authored-by: Ondřej Surý <ondrej@isc.org>
Co-authored-by: Artem Boldariev <artem@isc.org>
Co-authored-by: Aram Sargsyan <aram@isc.org>
(cherry picked from commit c11b736e44a5f637eff9babcd65cc2958f52e7ce)

lib/isc/tls.c

index 281c09a92ea9658f80d0665df03a8d319552be56..7781b3e9bcc3761c03e07fd6372a13e1d918fc1e 100644 (file)
@@ -1657,6 +1657,8 @@ isc_tlsctx_client_session_cache_keep(isc_tlsctx_client_session_cache_t *cache,
                return;
        }
 
+       SSL_set_session(tls, NULL);
+
        isc_mutex_lock(&cache->lock);
 
        name_len = strlen(remote_peer_name);
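
Review bot: the added `SSL_set_session(tls, NULL);` ahead of `isc_mutex_lock(&cache->lock);` carries no comment and discards its return value. The reason for the call is only in the commit message, so a short comment at the call site (detach the session from `tls` before caching it, so destroying the SSL object later does not invalidate the cached entry) would stop someone removing it as a no-op. `SSL_set_session()` returns 1 on success and 0 on failure, so either check the result or cast it to `(void)` to show that ignoring it is deliberate. It would also help to state in that comment that the early `return;` path just above intentionally leaves the session attached, since nothing is cached there.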