clear session data before attempting a reconnect without SSLv2-compatibility. Fixes #318. Fixes #308

2025-12-30 11:29:01 +00:00 · 2016-03-12 23:26:26 +00:00
parent d2136e5ad0
commit 616cf9730e
1 changed files with 7 additions and 3 deletions
--- a/nsock/src/nsock_core.c
+++ b/nsock/src/nsock_core.c
@@ -489,9 +489,13 @@ void handle_connect_result(struct npool *ms, struct nevent *nse, enum nse_status
                               iod->peerlen, nsock_iod_get_peerport(iod));
        nsock_engine_iod_register(ms, iod, saved_ev);

-        SSL_clear(iod->ssl);
-        if(!SSL_clear(iod->ssl))
-           fatal("SSL_clear failed: %s", ERR_error_string(ERR_get_error(), NULL));
+        /* Use SSL_free here because SSL_clear keeps session info, which
+         * doesn't work when changing SSL versions (as we're clearly trying to
+         * do by adding SSL_OP_NO_SSLv2). */
+        SSL_free(iod->ssl);
+        iod->ssl = SSL_new(ms->sslctx);
+        if (!iod->ssl)
+          fatal("SSL_new failed: %s", ERR_error_string(ERR_get_error(), NULL));

        SSL_set_options(iod->ssl, options | SSL_OP_NO_SSLv2);
        socket_count_read_inc(nse->iod);