Specify session context for OpenSSL clients

Reconnecting to ngIRCd 22.1 built with OpenSSL with some OpenSSL
clients, including Pidgin and stunnel 5.06, attempts to reuse a session
and fails due to the absence of this line.

The error message in syslog from ngIRCd is:

> SSL protocol error: SSL_accept (error:140D9115:SSL
> routines:SSL_GET_PREV_SESSION:session id context uninitialized)

This patch appears to fix the problem for both Pidgin and stunnel; it
may work for other OpenSSL clients that attempt to re-use sessions.

*   <#182>
*   <https://developer.pidgin.im/ticket/11568>
*   <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>
tejr committed Jun 26, 2015
1 parent f6b7764 commit b71a0ddbd570f5163ede198d635c3b03abd3e27e
Showing with 1 addition and 0 deletions.
  1. +1 −0 src/ngircd/conn-ssl.c
@@ -317,6 +317,7 @@ ConnSSL_InitLibrary( void )
goto out;
}

SSL_CTX_set_session_id_context(newctx, (unsigned char *)"ngircd", 6);
SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
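
Review bot: the added SSL_CTX_set_session_id_context() call discards its return value and hard-codes the length 6 beside the literal "ngircd", so the two can drift apart if the string is ever edited. The function returns 0 on failure, so I would check it and take the same `goto out` path the preceding block uses, and derive the length from the string (a named `static const unsigned char` array with `sizeof(...) - 1`) instead of a magic number. The parameter is `const unsigned char *`, so the cast should keep the const qualifier rather than casting it away. A one-line comment saying the context is needed for clients that resume sessions would also help, since the call sits directly above SSL_CTX_set_verify() with SSL_VERIFY_PEER and the connection between the two is not obvious from the code alone.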
