Disassociate the SSL object from the cached SSL_SESSION

When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.

Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions.

Co-authored-by: Ondřej Surý <ondrej@isc.org>
Co-authored-by: Artem Boldariev <artem@isc.org>
Co-authored-by: Aram Sargsyan <aram@isc.org>

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 825ceb4aa495fb2633da1ed5624e519a20e9a268..f496410e9ba7feeb2ef5ec399144991c42058f97 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -1497,6 +1497,8 @@ isc_tlsctx_client_session_cache_keep(isc_tlsctx_client_session_cache_t *cache,
                return;
        }
 
+       SSL_set_session(tls, NULL);
+
        isc_mutex_lock(&cache->lock);
 
        name_len = strlen(remote_peer_name);