pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:920:    SSL3_DEBUG_MSG("SSL.Context->purge_session: %O\n", s->identity || "");    if (s->identity)    m_delete (session_cache, s->identity);    /* RFC 4346 7.2:    * In this case [fatal alert], other connections corresponding to    * the session may continue, but the session identifier MUST be    * invalidated, preventing the failed session from being used to    * establish new connections.    */    s->identity = 0; +  if (s->version > PROTOCOL_TLS_1_2) { +  // In TLS 1.2 and earlier the master_secret may be shared +  // between multiple concurrent connections (cf eg above), +  // so we can't scratch the master secret.    s->master_secret = 0; -  +  }    /* There's no need to remove the id from the active_sessions queue */   }         //   // --- Compat code below   //      protected Crypto.RSA.State compat_rsa;   protected array(string(8bit)) compat_certificates;