From bbf34c0604665998c58ed9eebd0d17aeb38b92bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 7 Aug 2024 14:58:02 +0200 Subject: [PATCH] Disassociate the SSL object from the cached SSL_SESSION MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the SSL object was destroyed, it would invalidate all SSL_SESSION objects including the cached, but not yet used, TLS session objects. Properly disassociate the SSL object from the SSL_SESSION before we store it in the TLS session cache, so we can later destroy it without invalidating the cached TLS sessions. Co-authored-by: Ondřej Surý Co-authored-by: Artem Boldariev Co-authored-by: Aram Sargsyan (cherry picked from commit c11b736e44a5f637eff9babcd65cc2958f52e7ce) --- lib/isc/tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/isc/tls.c b/lib/isc/tls.c index 281c09a92e..7781b3e9bc 100644 --- a/lib/isc/tls.c +++ b/lib/isc/tls.c @@ -1657,6 +1657,8 @@ isc_tlsctx_client_session_cache_keep(isc_tlsctx_client_session_cache_t *cache, return; } + SSL_set_session(tls, NULL); + isc_mutex_lock(&cache->lock); name_len = strlen(remote_peer_name);
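Review bot: the added `SSL_set_session(tls, NULL);` in isc_tlsctx_client_session_cache_keep() has no comment, so the reason it must run before the session is stored is recorded only in the commit message. Add a short comment at the call saying that it detaches the SSL object from the session, so that destroying the SSL object later does not invalidate the cached entry. The call's return value is also discarded; either check it or cast it to (void) so the intent is explicit. The visible context ends at the early `return; }` and does not show where the session reference being cached is obtained. Please confirm it is taken before this line, since after the call the SSL object no longer refers to the session. The call is placed before `isc_mutex_lock(&cache->lock);`, which is fine if `tls` is only ever touched by the calling thread, but that assumption is worth stating in the same comment.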