New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect call to SSL_CTX_set_session_id_context
on client side SSL context
#105293
Labels
type-bug
An unexpected behavior, bug, or error
Comments
grantramsay
added a commit
to grantramsay/cpython
that referenced
this issue
Jun 4, 2023
… side SSL context Openssl states this is a "server side only" operation. Calling this on a client side socket can result in unexpected behavior
grantramsay
added a commit
to grantramsay/cpython
that referenced
this issue
Jul 14, 2023
… side SSL context Openssl states this is a "server side only" operation. Calling this on a client side socket can result in unexpected behavior
While we could backport this to releases, unless it's actually causing a problem there (the issue has existed forever it seems) lets not bother. It seems most important for your new feature PR. |
kgdiem
pushed a commit
to kgdiem/cpython
that referenced
this issue
Jul 14, 2023
… side SSL context (python#105295) * pythongh-105293: Do not call SSL_CTX_set_session_id_context on client side SSL context Openssl states this is a "server side only" operation. Calling this on a client side socket can result in unexpected behavior * Add news entry on SSL "set session id context" changes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When initialising an SSLContext there is a call to
SSL_CTX_set_session_id_context()
:The openssl man pages state that
SSL_CTX_set_session_id_context
is a "server side only" operation:https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_session_id_context.html
In some circumstances, calling this on a client side socket can result in unexpected behavior. For example TLSv1.3 PSK: #103181 (comment)
The fix for this was originally part of another PR (#103181) @gpshead recommended creating a separate issue/PR
Linked PRs
The text was updated successfully, but these errors were encountered: