stream-ssl: Set SSL session cache mode to disables.

To enable SSL clients to reconnect with the ovs-testcontoller without being rejected, one must either set the SSL Session ID flag or disable the SSL caching. This patch disables the SSL caching/reuse. In the absence of this fix, the error message from ovs-testcontroller is as below: SSL protocol error: SSL_accept (error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized) See <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>. Validation: Tested with ovs-testcontroller, by performing SSL reconnection with OpenSSL based SSL client. Signed-off-by: Guru Chaitanya Perakam <gperakam@brocade.com> Reported-by: Guru Chaitanya Perakam <gperakam@brocade.com> Signed-off-by: Ben Pfaff <blp@nicira.com>
openvswitch · Jul 6, 2015 · 895107e · 895107e
1 parent bc500e3
commit 895107e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -70,6 +70,7 @@ Gianluca Merlo          gianluca.merlo@gmail.com
 Giuseppe Lettieri       g.lettieri@iet.unipi.it
 Glen Gibb               grg@stanford.edu
 Guolin Yang             gyang@nicira.com
+Guru Chaitanya Perakam  gperakam@Brocade.com
 Gurucharan Shetty       gshetty@nicira.com
 Henry Mai               hmai@nicira.com
 Hao Zheng               hzheng@nicira.com

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
@@ -971,6 +971,7 @@ do_ssl_init(void)
     SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                        NULL);
+    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 
     return 0;
 }