author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-10-28 10:44:18 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2009-10-28 10:46:16 +0200 |
commit | 6b4c3dc567fb1435c8392ec2160fdffc236f6b37 (patch) | |
tree | ee8d53857eea153d3b8ea861e14e4e3c8a9ff6bf | |
parent | 1b98628dfbecc2b6ad6f4c04181956176506cd1e (diff) | |
download | gnutls-6b4c3dc567fb1435c8392ec2160fdffc236f6b37.tar.gz |
When resuming a session do not overwrite the initial session data with resumed
session data. Discovered on discussion at help-gnutls with Sebastien Decugis.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 13 |
2 files changed, 11 insertions, 5 deletions
@@ -5,6 +5,9 @@ See the end for copying conditions. * Version 2.9.8 (unreleased) +** libgnutls: In server side when resuming a session do not overwrite the +initial session data with the resumed session data. + ** libgnutls: Added support for AES-128,AES-192 and AES-256 in PKCS #8 encryption. This affects also PKCS #12 encoded files.
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 4183122f9d..7423f2737c 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2841,6 +2841,13 @@ _gnutls_handshake_common (gnutls_session_t session)
 ret = _gnutls_send_handshake_final (session, FALSE);
 IMED_RET ("send handshake final", ret, 0);
+
+ /* only store if we are not resuming */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ /* in order to support session resuming */
+ _gnutls_server_register_current_session (session);
+ }
 }
 else
 { /* if we are a client not resuming - or we are a server resuming */
@@ -2867,14 +2874,10 @@ _gnutls_handshake_common (gnutls_session_t session)
 ret = _gnutls_recv_handshake_final (session, FALSE);
 IMED_RET ("recv handshake final 2", ret, 1);
- }
- if (session->security_parameters.entity == GNUTLS_SERVER)
- {
- /* in order to support session resuming */
- _gnutls_server_register_current_session (session);
 }
+
 /* clear handshake buffer */
 _gnutls_handshake_hash_buffers_clear (session);
 return ret; |
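Review bot: The added comment `/* only store if we are not resuming */` in the first lib/gnutls_handshake.c hunk sits above a test of `entity == GNUTLS_SERVER` only. The "not resuming" guarantee comes entirely from the enclosing `if`, whose condition lies outside the hunk, so a later edit to that condition could silently bring back the overwrite of stored session data. I would state that dependency in the comment, for example `/* server, full handshake: a resuming server never takes this branch, so the entry stored for the original session is not overwritten */`. The result of `_gnutls_server_register_current_session (session)` is not used here, as in the lines the second hunk removes. If the function reports failure and the store is meant to be best-effort, a short comment saying so would make that explicit.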