Merge pull request #1785 from embhorn/zd4225

Fix for old certs not discarded when server does not resume session
2018-08-24 13:22:06 -07:00 · 2018-08-24 13:22:06 -07:00 · 86ce22c32e
parent 1005ca0703 498d8e6c15
commit 86ce22c32e
1 changed files with 8 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -9857,6 +9857,14 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
    WOLFSSL_START(WC_FUNC_CERTIFICATE_DO);
    WOLFSSL_ENTER("DoCertificate");

+#ifdef SESSION_CERTS
+    /* Reset the session cert chain count in case the session resume failed. */
+    ssl->session.chain.count = 0;
+    #ifdef WOLFSSL_ALT_CERT_CHAINS
+        ssl->session.altChain.count = 0;
+    #endif
+#endif /* SESSION_CERTS */
+
    ret = ProcessPeerCerts(ssl, input, inOutIdx, size);

 #ifdef OPENSSL_EXTRA