Hi All,
When SSL server gets the client hello message(in the
function ssl3_get_client_hello), if session ID is present in the client
hello message, then
the server will try to find if the session can be reused. Please find the
related code
{
i=ssl_get_prev_session(s,p,j);
if (i == 1)
{ /* previous session */
s->hit=1;
}
else if (i == -1)
goto err;
else /* i == 0 */
{
if (!ssl_get_new_session(s,1))
goto err;
}
}
If ssl_get_prev_session returns -1 due to some error, then the SSL server
will consider it as a error
and the SSL connection will not be established.
But this error is not intimated to the SSL client by the SSL server.
So the SSL client will be waiting for the response message from the
SSL server and the wait can be indefinite.
But my opinion is if we send an alert from the server, then client can know
the
error and can close the connection.
Please let me know Your suggestions.
Thanks in Advance!!!
Shiva
****************************************************************************
***********
This email and its attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained here in any way (including, but
not limited to, total or partial disclosure, reproduction, or dissemination)
by persons other than the intended recipient(s) is prohibited. If you
receive this email in error, please notify the sender by phone or email
immediately and delete it!
****************************************************************************
*************
