ssl_session_reset: preserve HOSTNAME_SET flag

When we don't reset `ssl->hostname`, we must not reset the `MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` flag either. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-08 17:42:09 +03:00 · 2025-02-24 18:45:49 +01:00
parent eb2d29eb6b
commit fd89acc735
2 changed files with 11 additions and 1 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1411,7 +1411,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
-    ssl->flags = 0;
+    ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION;
    ssl->tls_version = ssl->conf->max_tls_version;

    mbedtls_ssl_session_reset_msg_layer(ssl, partial);