From: Guru Chaitanya Perakam <gpera...@brocade.com>

To enable SSL clients to reconnect with the ovs-testcontroller without being rejected, one must either set the SSL Session ID flag or disable the SSL caching. This patch disables the SSL caching/reuse.

In the absence of this fix, the error message from ovs-testcontroller is as below: SSL protocol error: SSL_accept (error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized) See <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>. Validation: Tested with ovs-testcontroller, by performing SSL reconnection with OpenSSL based SSL client. Signed-off-by: Guru Chaitanya Perakam <gpera...@brocade.com> Reported-by: Guru Chaitanya Perakam <gpera...@brocade.com> Signed-off-by: Ben Pfaff <b...@nicira.com> --- This was submitted via github. I already applied this to master, branch-2.4, and branch-2.3. Sending it to the list now for everyone's notice. AUTHORS | 1 + lib/stream-ssl.c | 1 + 2 files changed, 2 insertions(+) diff --git a/AUTHORS b/AUTHORS index 2b368ee..2826f12 100644 --- a/AUTHORS +++ b/AUTHORS @@ -53,6 +53,7 @@ Geoffrey Wossum gwos...@acm.org Giuseppe Lettieri g.letti...@iet.unipi.it Glen Gibb g...@stanford.edu Guolin Yang gy...@nicira.com +Guru Chaitanya Perakam gpera...@brocade.com Gurucharan Shetty gshe...@nicira.com Henry Mai h...@nicira.com Hao Zheng hzh...@nicira.com diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index f4c30ac..5cdf98f 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -999,6 +999,7 @@ do_ssl_init(void) SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); return 0; } -- 2.1.3 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
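
Review bot: the new SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) call in do_ssl_init() carries no comment, so the reason for it exists only in the commit message. A short comment above the call that names the "session id context uninitialized" failure from SSL_accept would stop a later cleanup from removing it. The call also sits in lib/stream-ssl.c on the one ctx that do_ssl_init() configures, so it turns off session reuse for everything that uses this context, not just ovs-testcontroller, and every reconnect then pays for a full handshake. The commit message names the alternative of setting the session ID context; if resumption is worth keeping, SSL_CTX_set_session_id_context() at this same spot would address the error while leaving the cache on, and either way the choice deserves a sentence in the comment.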