2 files changed, 8 insertions, 10 deletions

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 9083ec2f3b..3a96c6a136 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -540,11 +540,6 @@ struct ssl_session_st {
                                  * load the 'cipher' structure */
     unsigned int kex_group;      /* TLS group from key exchange */
     CRYPTO_EX_DATA ex_data;     /* application specific data */
-    /*
-     * These are used to make removal of session-ids more efficient and to
-     * implement a maximum cache size.
-     */
-    struct ssl_session_st *prev, *next;
 
     struct {
         char *hostname;
@@ -574,6 +569,12 @@ struct ssl_session_st {
     size_t ticket_appdata_len;
     uint32_t flags;
     SSL_CTX *owner;
+
+    /*
+     * These are used to make removal of session-ids more efficient and to
+     * implement a maximum cache size.
+     */
+    struct ssl_session_st *prev, *next;
 };
 
 /* Extended master secret support */
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 4d3bbe8403..6b5d9bbb24 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -141,13 +141,10 @@ static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
         return NULL;
 
     /*
-     * Copy until prev ptr, because it's a part of sessons cache which can be modified
-     * concurrently. Other fields filled in the code bellow.
+     * src is logically read-only but the prev/next pointers are not, they are
+     * part of the session cache and can be modified concurrently.
      */
     memcpy(dest, src, offsetof(SSL_SESSION, prev));
-    dest->ext = src->ext;
-    dest->ticket_appdata_len = src->ticket_appdata_len;
-    dest->flags = src->flags;
 
     /*
      * Set the various pointers to NULL so that we can call SSL_SESSION_free in