Looks fine to me. Ethan
On Fri, Jan 28, 2011 at 3:33 PM, Ben Pfaff <[email protected]> wrote: > Attempting to call SSL_set_session() on every trip through the SSL > connection state machine seems like it could cause the session to be > re-set to the cached one even after the server has told us which session > is actually to be used. > > In testing, this change didn't make any difference, but it seems like > the right thing to do. > > Bug #4448. > --- > lib/stream-ssl.c | 16 +++++++--------- > 1 files changed, 7 insertions(+), 9 deletions(-) > > diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c > index 5a67da8..f7112c3 100644 > --- a/lib/stream-ssl.c > +++ b/lib/stream-ssl.c > @@ -280,6 +280,13 @@ new_ssl_stream(const char *name, int fd, enum > session_type type, > if (!verify_peer_cert || (bootstrap_ca_cert && type == CLIENT)) { > SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); > } > + if (type == CLIENT) { > + /* Grab SSL session information from the cache. */ > + SSL_SESSION *session = shash_find_data(&client_sessions, name); > + if (session && SSL_set_session(ssl, session) != 1) { > + interpret_queued_ssl_error("SSL_set_session"); > + } > + } > > /* Create and return the ssl_stream. */ > sslv = xmalloc(sizeof *sslv); > @@ -511,15 +518,6 @@ ssl_connect(struct stream *stream) > MSG_PEEK); > } > > - /* Grab SSL session information from the cache. */ > - if (sslv->type == CLIENT) { > - SSL_SESSION *session = shash_find_data(&client_sessions, > - stream_get_name(stream)); > - if (session) { > - SSL_set_session(sslv->ssl, session); > - } > - } > - > retval = (sslv->type == CLIENT > ? SSL_connect(sslv->ssl) : SSL_accept(sslv->ssl)); > if (retval != 1) { > -- > 1.7.1 > > > _______________________________________________ > dev mailing list > [email protected] > http://openvswitch.org/mailman/listinfo/dev_openvswitch.org
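Review bot: In the first hunk (new_ssl_stream(), the added `if (type == CLIENT)` block), the cache lookup key changes from `stream_get_name(stream)` to the `name` argument, so it is worth confirming that `name` is the same string under which sessions are stored in `client_sessions`; if the two ever differ, the lookup misses silently and every connection falls back to a full handshake. In the same block, when `SSL_set_session(ssl, session) != 1` the code only calls `interpret_queued_ssl_error("SSL_set_session")` and then goes on to create the stream. If continuing without resumption is the intended behaviour, a short comment saying so would keep a later reader from treating it as a missed error return. The block also sits directly after the `SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL)` case for `bootstrap_ca_cert && type == CLIENT`, so please confirm that a session established while verification was disabled cannot be cached and then resumed by a later connection with the same name.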
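Review bot: In the second hunk (ssl_connect(), the removed "Grab SSL session information from the cache" block), nothing is left next to the `SSL_connect(sslv->ssl)` call to say that the cached session is now applied exactly once, in new_ssl_stream(). A one-line comment there would record the ordering requirement the commit message describes and discourage someone from adding the call back into the state machine. Since the message notes that testing showed no difference, a check with SSL_session_reused() after the handshake completes would show whether resumption actually happens before and after this change.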
