On Wed, May 02, 2018 at 07:26:02PM +0200, Sebastian Andrzej Siewior wrote:
> On 2018-05-02 18:34:35 [+0200], Kurt Roeckx wrote:
> > On Wed, May 02, 2018 at 05:19:20PM +0100, Simon McVittie wrote:
> > > * https://github.com/openssl/openssl/pull/5967
> > >
> > > """
> > > Commit d316cdc introduced some extra
> > > checks into the session-cache update procedure, intended to prevent
> > > the caching of sessions whose resumption would lead to a handshake
> > > failure, since if the server is authenticating the client, there needs to
> > > be an application-set "session id context" to match up to the authentication
> > > context. While that change is effective for its stated purpose, there
> > > was also some collateral damage introduced along with the fix -- clients
> > > that set SSL_VERIFY_PEER are not expected to set an sid_ctx, and so
> > > their usage of session caching was erroneously denied.
> > >
> > > Fix the scope of the original commit by limiting it to only acting
> > > when the SSL is a server SSL.
> > > """
> >
> > Is it urgent to fix this in testing/unstable?
>
> If he is sure that this fixes his issue then I don't mind doing an
> upload. I can even prepare a 1.1.0h-2 with this patch included.
> [unless upstream plans a release soon]

There are no plans, currently I think 1.1.1 will be the next release.

Kurt