add SSL_CTX_set_session_id_context(3) checks

bz #66226


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908971 13f79535-47bb-0310-9956-ffa450edef68
Giovanni Bechis
2023-04-04 21:34:57 +00:00
parent 132d4ee48f
commit fae4895b8d
2 changed files with 14 additions and 4 deletions


@ -1 +1 @@
10422
10423


@ -988,9 +988,17 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
"protocol (%s support secure renegotiation)",
reneg_support);
SSL_set_session_id_context(ssl,
if(!SSL_set_session_id_context(ssl,
(unsigned char *)&id,
sizeof(id));
sizeof(id))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10422)
"error setting SSL session context");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
r->connection->keepalive = AP_CONN_CLOSE;
return HTTP_FORBIDDEN;
}
/* Toggle the renegotiation state to allow the new
* handshake to proceed. */
@ -2576,7 +2584,9 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
* a renegotiation.
*/
if (SSL_num_renegotiations(ssl) == 0) {
SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2);
if(!SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2)) {
return 0;
}
}
/*
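Review bot: The new failure branch in ssl_find_vhost (`if(!SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2)) { return 0; }`) returns without logging anything, whereas the same check in ssl_hook_Access_classic logs APLOGNO(10422) and the OpenSSL error queue. A bare `return 0` presumably looks to the caller like any other non-matching vhost, so the handshake could carry on with a session id context that was never switched to this vhost, and session-cache separation between vhosts depends on that context. I would log before returning, e.g. `ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO() "error setting SSL session context");` followed by `ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);`, with a newly allocated tag number, and confirm that the caller treats this return as a failure and not as "keep looking". Both functions start and end outside the visible hunks.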