RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-12 08:49:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MAJOR: ssl: ssl_sock was not fully initialized.

Browse Source 
'ssl_sock' wasn't fully initialized so a new session can inherit some
flags from an old one.

This causes some fetches, related to client's certificate presence or
its verify status and errors, returning erroneous values.

This issue could generate other unexpected behaviors because a new
session could also inherit other flags such as SSL_SOCK_ST_FL_16K_WBFSIZE,
SSL_SOCK_SEND_UNLIMITED, or SSL_SOCK_RECV_HEARTBEAT from an old session.

This must be backported to 2.0 but it's useless for previous.
This commit is contained in:
Emeric Brun 2019-09-06 15:36:02 +02:00 committed by Willy Tarreau
parent ed5ac9c786
commit 5762a0db0a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_sock.c
View File

@ -5173,6 +5173,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
ctx->conn = conn;
ctx->send_wait = NULL;
ctx->recv_wait = NULL;
ctx->xprt_st = 0;
ctx->xprt_ctx = NULL;
/* Only work with sockets for now, this should be adapted when we'll
* add QUIC support.