BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert.

Openssl session_id_context was not set on cached sessions so handshake returns an error.
2025-02-18 19:56:59 +00:00 · 2012-11-26 18:37:12 +01:00 · 2012-11-26 18:37:12 +01:00 · 786991e8b7
commit 786991e8b7
parent 78bbeb4a99
2 changed files with 7 additions and 0 deletions
--- a/include/proto/shctx.h
+++ b/include/proto/shctx.h
@ -29,6 +29,10 @@
 #define SHCTX_DEFAULT_SIZE 20000
 #endif

+#ifndef SHCTX_APPNAME
+#define SHCTX_APPNAME "haproxy"
+#endif
+
 #define SHSESS_MAX_ENCODED_LEN SSL_MAX_SSL_SESSION_ID_LENGTH \
 				+ SHSESS_MAX_DATA_LEN \
 				+ SHSESS_MAX_FOOTER_LEN
--- a/src/shctx.c
+++ b/src/shctx.c
@ -447,6 +447,9 @@ void shared_context_set_cache(SSL_CTX *ctx)
 	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
 	                                    SSL_SESS_CACHE_NO_INTERNAL |
 	                                    SSL_SESS_CACHE_NO_AUTO_CLEAR);
+
+	SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
+
 	if (!shctx)
 		return;