Do not store unneeded data.
diff --git a/CHANGES b/CHANGES
index 5ad229b..e17a661 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,6 +13,11 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Do not store session data into the internal session cache, if it
+ is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+ flag is set). Proposed by Aslam <aslam@funk.com>.
+ [Lutz Jaenicke]
+
+) Support for crypto accelerator cards from Accelerated Encryption
Processing, www.aep.ie. (Use engine 'aep')
The support was copied from 0.9.6c [engine] and adapted/corrected
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 49e22bf..1195171 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1646,9 +1646,10 @@
* and it would be rather hard to do anyway :-) */
if (s->session->session_id_length == 0) return;
- if ((s->ctx->session_cache_mode & mode)
- && (!s->hit)
- && SSL_CTX_add_session(s->ctx,s->session)
+ i=s->ctx->session_cache_mode;
+ if ((i & mode) && (!s->hit)
+ && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+ || SSL_CTX_add_session(s->ctx,s->session))
&& (s->ctx->new_session_cb != NULL))
{
CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -1657,7 +1658,6 @@
}
/* auto flush every 255 connections */
- i=s->ctx->session_cache_mode;
if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
((i & mode) == mode))
{
