Specify session context for OpenSSL clients
Reconnecting to ngIRCd 22.1 built with OpenSSL with some OpenSSL
clients, including Pidgin and stunnel 5.06, attempts to reuse a session
and fails due to the absence of this line.

The error message in syslog from ngIRCd is:

> SSL protocol error: SSL_accept (error:140D9115:SSL
> routines:SSL_GET_PREV_SESSION:session id context uninitialized)

This patch appears to fix the problem for both Pidgin and stunnel; it
may work for other OpenSSL clients that attempt to re-use sessions.

*   <#182>
*   <https://developer.pidgin.im/ticket/11568>
*   <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>
tejr committed Jun 26, 2015
1 parent f6b7764 commit b71a0dd
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/ngircd/conn-ssl.c
Expand Up @@ -317,6 +317,7 @@ ConnSSL_InitLibrary( void )
goto out;
}

SSL_CTX_set_session_id_context(newctx, (unsigned char *)"ngircd", 6);
SSL_CTX_set_options(newctx, SSL_OP_SINGLE_DH_USE|SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(newctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
SSL_CTX_set_verify(newctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
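Review bot: The return value of the added `SSL_CTX_set_session_id_context(newctx, (unsigned char *)"ngircd", 6);` call is ignored, and the length `6` is a hand-counted literal that will silently drift if the string is ever changed. The function returns 0 on failure (for example when the length exceeds `SSL_MAX_SID_CTX_LENGTH`), so I'd check the result and take the existing `goto out;` path used just above. I'd also define the context once as a named `static const unsigned char` array and pass `sizeof(...) - 1`, which removes the cast that drops `const` from the string literal. A one-line comment would help too: the context is needed because `SSL_CTX_set_verify()` a few lines below enables `SSL_VERIFY_PEER`, and without it session resumption fails with the "session id context uninitialized" error quoted in the commit message. As written, the reason for the call is only recoverable from the commit log.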