Merge pull request #851 from toddouska/nosessid

don't send session ID on server side if session cache is off unless w…
2025-07-31 19:24:42 +02:00 · 2017-04-12 14:50:43 -07:00
parent 3abcff4db5 b1d59a2334
commit 8ee9e4ff8b
1 changed files with 19 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -17945,6 +17945,8 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        int                sendSz;
        int                ret;
        byte               sessIdSz = ID_LEN;
+        byte               echoId   = 0;  /* ticket echo id flag */
+        byte               cacheOff = 0;  /* session cache off flag */

        length = VERSION_SZ + RAN_LEN
               + ID_LEN + ENUM_LEN
@@ -17962,6 +17964,7 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                return BUFFER_ERROR;
            }
            length -= (ID_LEN - sessIdSz);  /* adjust ID_LEN assumption */
+            echoId = 1;
        }
    #endif /* HAVE_SESSION_TICKET */
 #else
@@ -17970,6 +17973,22 @@ int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        }
 #endif

+        /* is the session cahce off at build or runtime */
+#ifdef NO_SESSION_CACHE
+        cacheOff = 1;
+#else
+        if (ssl->options.sessionCacheOff == 1) {
+            cacheOff = 1;
+        }
+#endif
+
+        /* if no session cache don't send a session ID unless we're echoing
+         * an ID as part of session tickets */
+        if (echoId == 0 && cacheOff == 1) {
+            length -= ID_LEN;    /* adjust ID_LEN assumption */
+            sessIdSz = 0;
+        }
+
        /* check for avalaible size */
        if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0)
            return ret;