BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes

After a change to the server's configuration, if the previously
used cipher is disabled, all subsequent connection attempts fail.

The fix frees the cached session on handshake failure.
Emeric Brun 2012-10-04 17:09:56 +02:00 committed by Willy Tarreau
parent 3b5bc66554
commit 9fa8973abb


@ -747,6 +747,12 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
return 1;
out_error:
/* free resumed session if exists */
if (target_srv(&conn->target) && target_srv(&conn->target)->ssl_ctx.reused_sess) {
SSL_SESSION_free(target_srv(&conn->target)->ssl_ctx.reused_sess);
target_srv(&conn->target)->ssl_ctx.reused_sess = NULL;
}
/* Fail on all other handshake errors */
conn->flags |= CO_FL_ERROR;
conn->flags &= ~flag;
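Review bot: The comment on the new block under `out_error:` says what is freed but not why, and the reason matters because the block runs for every handshake error that reaches the label, not only a failed resumption. I would replace it with `/* drop the cached session so the next connect does a full handshake; the server may no longer accept the cached cipher */`. The four `target_srv(&conn->target)` calls in the added lines could also share one local pointer, which would have to be declared earlier in the function since a declaration cannot directly follow the label. `ssl_sock_handshake` starts above the hunk and its end is not visible here.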