NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commit1c2b7c0

committed

Restore the SSL_set_session_id_context() call to OpenSSL renegotiation.

This reverts the removal of the call in commit (272923a). It turns out itwasn't superfluous after all: without it, renegotiation fails if a clientcertificate was used. The rest of the changes in that commit are still OKand not reverted.Per investigation of bug #12769 by Arne Scheffer, although this doesn't fixthe reported bug yet.

1 parent9e3ad1a commit1c2b7c0Copy full SHA for 1c2b7c0

File tree

1 file changed

-0

lines changed

src/backend/libpq
- be-secure-openssl.c

1 file changed

-0

lines changed

`‎src/backend/libpq/be-secure-openssl.c`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -595,6 +595,10 @@ be_tls_write(Port port, void ptr, size_t len, int *waitfor)`
`595`	`595`	`*/`
`596`	`596`	`SSL_clear_num_renegotiations(port->ssl);`
`597`	`597`
	`598`	`+/* without this, renegotiation fails when a client cert is used */`
	`599`	`+SSL_set_session_id_context(port->ssl, (void*)&SSL_context,`
	`600`	`+sizeof(SSL_context));`
	`601`	`+`
`598`	`602`	`if (SSL_renegotiate(port->ssl) <=0)`
`599`	`603`	`ereport(COMMERROR,`
`600`	`604`	`(errcode(ERRCODE_PROTOCOL_VIOLATION),`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1c2b7c0

File tree

1 file changed

1 file changed

`‎src/backend/libpq/be-secure-openssl.c`

0 commit comments