Always use session_ctx when removing a session Sessions are stored on the session_ctx, which doesn't change after SSL_set_SSL_CTX(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 78ae099..185f0e9 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c
@@ -72,7 +72,7 @@ return -1; /* If a fatal one, remove from cache */ if ((level == SSL3_AL_FATAL) && (s->session != NULL)) - SSL_CTX_remove_session(s->ctx, s->session); + SSL_CTX_remove_session(s->session_ctx, s->session); s->s3->alert_dispatch = 1; s->s3->send_alert[0] = level;