Properly report SSL_session_reused after a renegotiation.
We forgot to reset that value.
Change-Id: Ic869cb61da332983cc40223cbbdf23b455dd9766
Reviewed-on: https://boringssl-review.googlesource.com/20084
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/handshake_client.cc b/ssl/handshake_client.cc
index a779b8a..52d2e94 100644
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -430,6 +430,8 @@
SSL *const ssl = hs->ssl;
ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1);
+ // |session_reused| must be reset in case this is a renegotiation.
+ ssl->s3->session_reused = false;
// Freeze the version range.
if (!ssl_get_version_range(ssl, &hs->min_version, &hs->max_version)) {
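Review bot: The reset of `session_reused` sits after `ssl_do_info_callback(ssl, SSL_CB_HANDSHAKE_START, 1)`, so an info callback that calls SSL_session_reused() at handshake start during a renegotiation would still see the value left by the initial handshake. Moving `ssl->s3->session_reused = false;` above the callback would close that window; whether any caller queries it there is not visible from this hunk. The comment could also say why the stale value is wrong, e.g. `// Renegotiations never resume sessions, so clear any |session_reused| left by the initial handshake.` The enclosing function starts and ends outside the hunk.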
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 0c97438..1d48cca 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -2407,6 +2407,11 @@
return false;
}
+ if (SSL_session_reused(ssl)) {
+ fprintf(stderr, "Renegotiations should never resume sessions.\n");
+ return false;
+ }
+
// Re-check authentication properties after a renegotiation. The reported
// values should remain unchanged even if the server sent different SCT
// lists.
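Review bot: The failure message in the added check states the invariant but not what was observed, which makes a shim failure harder to interpret in the runner output. Something like `fprintf(stderr, "SSL_session_reused() returned true after a renegotiation.\n");` names the API and the state that tripped the check. The enclosing function starts and ends outside the hunk, so the point at which this runs relative to the renegotiation completing cannot be confirmed from here.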
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 0ce6849..89f0713 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -7115,6 +7115,9 @@
},
},
renegotiate: 1,
+ // Test renegotiation after both an initial and resumption
+ // handshake.
+ resumeSession: true,
flags: []string{
"-renegotiate-freely",
"-expect-total-renegotiations", "1",