The code was changed when TLS ticket support was added. In that case a zero length session ID can result in a resumed session based on the ticket. It didn't catch the case where ticket resumption failed and the session length was zero.
This patch should fix it: http://cvs.openssl.org/chngview?cn=16691

Steve.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org