1 files changed, 14 insertions, 13 deletions

diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index afcc18b6bb38..4f84a3476da0 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -85,7 +85,6 @@ OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
 
 int SSL_clear(SSL *s)
 	{
-	int state;
 
 	if (s->method == NULL)
 		{
@@ -93,6 +92,12 @@ int SSL_clear(SSL *s)
 		return(0);
 		}
 
+	if (ssl_clear_bad_session(s))
+		{
+		SSL_SESSION_free(s->session);
+		s->session=NULL;
+		}
+
 	s->error=0;
 	s->hit=0;
 	s->shutdown=0;
@@ -110,7 +115,6 @@ int SSL_clear(SSL *s)
 		}
 #endif
 
-	state=s->state; /* Keep to check if we throw away the session-id */
 	s->type=0;
 
 	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
@@ -131,12 +135,6 @@ int SSL_clear(SSL *s)
 
 	ssl_clear_cipher_ctx(s);
 
-	if (ssl_clear_bad_session(s))
-		{
-		SSL_SESSION_free(s->session);
-		s->session=NULL;
-		}
-
 	s->first_packet=0;
 
 #if 1
@@ -795,7 +793,10 @@ int SSL_shutdown(SSL *s)
 
 int SSL_renegotiate(SSL *s)
 	{
-	s->new_session=1;
+	if (s->new_session == 0)
+		{
+		s->new_session=1;
+		}
 	return(s->method->ssl_renegotiate(s));
 	}
 
@@ -1469,9 +1470,10 @@ void ssl_update_cache(SSL *s,int mode)
 	 * and it would be rather hard to do anyway :-) */
 	if (s->session->session_id_length == 0) return;
 
-	if ((s->ctx->session_cache_mode & mode)
-		&& (!s->hit)
-		&& SSL_CTX_add_session(s->ctx,s->session)
+	i=s->ctx->session_cache_mode;
+	if ((i & mode) && (!s->hit)
+		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+		    || SSL_CTX_add_session(s->ctx,s->session))
 		&& (s->ctx->new_session_cb != NULL))
 		{
 		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -1480,7 +1482,6 @@ void ssl_update_cache(SSL *s,int mode)
 		}
 
 	/* auto flush every 255 connections */
-	i=s->ctx->session_cache_mode;
 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
 		((i & mode) == mode))
 		{