commit 3d8f0808e49722a8b23abbacd06cb494c2e1606d
author David Benjamin <davidben@google.com> Wed Sep 06 16:12:52 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Sep 06 20:31:17 2017 +0000
tree 74a399582fbd2679e7621f93b1ffb85613a10443
parent a861460c89f6d63eeb9c384de9a7b1d8fec12bb7

Honor SSL_SESS_CACHE_CLIENT in TLS 1.3.

The new_session_cb callback should not be run if SSL_SESS_CACHE_CLIENT
is off.

Change-Id: I1ab320f33688f186b241d95c81775331a5c5b1a1
Reviewed-on: https://boringssl-review.googlesource.com/20065
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_test.cc

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 48e50ee..66f0304 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -3102,6 +3102,18 @@
                SSL_get_servername(server_.get(), TLSEXT_NAMETYPE_host_name));
 }
 
+// Test that session cache mode bits are honored in the client session callback.
+TEST_P(SSLVersionTest, ClientSessionCacheMode) {
+  SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_OFF);
+  EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
+
+  SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_CLIENT);
+  EXPECT_TRUE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
+
+  SSL_CTX_set_session_cache_mode(client_ctx_.get(), SSL_SESS_CACHE_SERVER);
+  EXPECT_FALSE(CreateClientSession(client_ctx_.get(), server_ctx_.get()));
+}
+
 TEST(SSLTest, AddChainCertHack) {
   // Ensure that we don't accidently break the hack that we have in place to
   // keep curl and serf happy when they use an |X509| even after transfering