Google Git
Sign in
boringssl/boringssl.git/d816874c52418665cd348a3e2babd575686cf695^!/./ssl/ssl_lib.cc
commit
d816874c52418665cd348a3e2babd575686cf695
[log]
author
Steven Valdez <svaldez@google.com>
Thu Aug 31 10:15:48 2017 -0400
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Thu Aug 31 15:43:25 2017 +0000
tree
350a8c386886c0c6411672ef74b787283c5af90e
parent
1ab133a9daddd14cc6538b3c4a85c804f3647a26 [diff] [blame]
Set SSL_in_init to false before new_session_cb.

This fixes a regression in Conscrypt added by
https://boringssl-review.googlesource.com/19144. SSL_get_session
otherwise attempts to return hs->new_session, but that has been released
at this point.

Change-Id: I55b41cbefb65b3ae3cfbfad72f6338bd66db3341
Reviewed-on: https://boringssl-review.googlesource.com/19904
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index e210616..1f1461f 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc

@@ -2336,7 +2336,11 @@
 }
 
 int SSL_in_init(const SSL *ssl) {
-  return ssl->s3->hs != NULL;
+  // This returns false once all the handshake state has been finalized, to
+  // allow callbacks and getters based on SSL_in_init to return the correct
+  // values.
+  SSL_HANDSHAKE *hs = ssl->s3->hs;
+  return hs != nullptr && !hs->handshake_finalized;
 }
 
 int SSL_in_false_start(const SSL *ssl) {