Mark renego-established sessions not resumable. We do not call the new_session callback on renego, but a consumer using SSL_get_session may still attempt to resume such a session. Leave the not_resumable flag unset. Also document this renegotiation restriction. Change-Id: I5361f522700b02edf5272ba5089c0777e5dafb09 Reviewed-on: https://boringssl-review.googlesource.com/19664 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 5ef40c60f67e9060b33f02f49b366f508c0d09fa [log] [tgz]
author: David Benjamin <davidben@google.com> Wed Aug 23 21:28:29 2017 -0700
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Aug 24 16:10:54 2017 +0000
tree: dabf6de173679141e88e9527e4c56862320a532b
parent: 2c46c10631a934b1d3426802e1b5f8be76852a9c [diff] [blame]
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 32ec272..9ecd7df 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc

@@ -218,6 +218,7 @@
   SSL_CTX *ctx = ssl->session_ctx;
   /* Never cache sessions with empty session IDs. */
   if (ssl->s3->established_session->session_id_length == 0 ||
+      ssl->s3->established_session->not_resumable ||
       (ctx->session_cache_mode & mode) != mode) {
     return;
   }
commit	5ef40c60f67e9060b33f02f49b366f508c0d09fa	[log] [tgz]
author	David Benjamin <davidben@google.com>	Wed Aug 23 21:28:29 2017 -0700
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Aug 24 16:10:54 2017 +0000
tree	dabf6de173679141e88e9527e4c56862320a532b
parent	2c46c10631a934b1d3426802e1b5f8be76852a9c [diff] [blame]