Set SSL_SESSION.cipher when parsing.
This was done for the server when parsing a session ticket, but it
wasn't done in the parsing function itself. That caused problems when
high level code used the parsing function directly to set a session for
the client code.
See comments in internal bug 7091840.
Change-Id: Iaa048c3df62cd9fe7a003af33805819e2556960a
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 2c91053..9f372f9 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -387,8 +387,14 @@
goto err;
}
- ret->cipher=NULL;
ret->cipher_id=id;
+ ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
+ if (ret->cipher == NULL)
+ {
+ c.error=SSL_R_UNSUPPORTED_CIPHER;
+ c.line = __LINE__;
+ goto err;
+ }
M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
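Review bot: The masked lookup `ssl3_get_cipher_by_value(ret->cipher_id & 0xffff)` drops the upper bytes of the id with no explanation, because the comment that justified the mask in ssl_sess.c is deleted by this commit instead of moved. I would carry it over above the new lookup: `/* The cipher id has a leading 0x03 to be removed (and then put back for the binary search) as a remnant of SSLv2 support. */`. Since callers can now hand serialized sessions straight to this parser, it is also worth confirming that the code computing `id` above the hunk (not visible here) rejects values whose upper bytes are not the expected prefix. If it does not, `ret->cipher_id` and `ret->cipher` could disagree after a successful parse. The enclosing function starts and ends outside the hunk.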
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 75e2110..312a9a2 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -560,15 +560,6 @@
goto err;
}
- if (ret->cipher == NULL)
- {
- /* The cipher id has a leading 0x03 to be removed (and then put
- * back for the binary search) as a remnant of SSLv2 support. */
- ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
- if (ret->cipher == NULL)
- goto err;
- }
-
if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
{
s->session_ctx->stats.sess_timeout++;