ssl_session_reset: preserve HOSTNAME_SET flag
When we don't reset `ssl->hostname`, we must not reset the
`MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` flag either.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2d54172..fd01aac 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -57,6 +57,16 @@
MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
} mbedtls_ssl_context_flags_t;
+/** Flags from ::mbedtls_ssl_context_flags_t to keep in
+ * mbedtls_ssl_session_reset().
+ *
+ * The flags that are in this list are kept until explicitly updated or
+ * until mbedtls_ssl_free(). The flags that are not listed here are
+ * reset to 0 in mbedtls_ssl_session_reset().
+ */
+#define MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION \
+ (MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET)
+
#define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
#define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6c401b5..0b072e6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1411,7 +1411,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
- ssl->flags = 0;
+ ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION;
ssl->tls_version = ssl->conf->max_tls_version;
mbedtls_ssl_session_reset_msg_layer(ssl, partial);