httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47055] SSLVerifyClient + Directory doesn't use cache sessions
Date Tue, 19 May 2009 12:38:51 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47055





--- Comment #14 from Mike <mike.pechkin@gmail.com>  2009-05-19 05:38:47 PST ---
config contained wrong "SSLOptions -OptRenegotiate" that's why i was failed.
now i have a workaround for the bug.

problem is here. there is should be md5 string:
SSL_set_session_id_context(ssl, (unsigned char *)&id, sizeof(id));

like here:
if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
                                    APR_MD5_DIGESTSIZE*2))
    {
        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                      "Unable to set session id context to `%s'", vhost_md5);
        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);

        c->aborted = 1;

        return DECLINED; /* XXX */
    }

with workaround compare is always true and quick renegotiation always works.
if (ret->sid_ctx_length != s->sid_ctx_length
    || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
    {
    goto err; /* treat like cache miss */
    }

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message