This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
src/tls.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tls.c b/src/tls.c
index 0e092d3..9753131 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
assert(r == 1);
SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
+ SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
// use always_true_callback to ignore errors such as self-signed error
SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
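Review bot: The added `SSL_CTX_set_session_id_context` call discards its return value, while the call just above it in this hunk is followed by `assert(r == 1);`. The function returns 1 on success and 0 on failure (it fails when the length exceeds `SSL_MAX_SID_CTX_LENGTH`), so assuming `r` is the int used for the preceding call, the line could become `r = SSL_CTX_set_session_id_context(...); assert(r == 1);`. The hard-coded `7` also has to be kept in step with the literal by hand; declaring `static const unsigned char sid_ctx[] = "gmnisrv";` and passing `sizeof(sid_ctx) - 1` removes that coupling. Both points apply equally to the resent version of this hunk further down the thread; tls_init's body starts and ends outside the hunk.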
--
2.32.0
> This is necessary now client certificates are supported.
> Without it, an attempt to resume a session fails with
> "ssl_get_prev_session:session id context uninitialized".
> ---
> src/tls.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/src/tls.c b/src/tls.c
> index 0e092d3..9753131 100644
> --- a/src/tls.c
> +++ b/src/tls.c
> @@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
> assert(r == 1);
>
> SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
> + SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
Style nit: no space between ) and " here
This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
src/tls.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tls.c b/src/tls.c
index 0e092d3..02d7ab7 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
assert(r == 1);
SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
+ SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*)"gmnisrv", 7);
SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
// use always_true_callback to ignore errors such as self-signed error
SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
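Review bot: The new `SSL_CTX_set_session_id_context` line has no comment saying why it is there; the reason exists only in the commit message. A line above it such as `// session id context is required for session resumption once client certificates are requested` would keep a later cleanup from dropping the call. Because the following lines accept any client certificate through `always_true_callback`, it is also worth noting next to this call that whatever identity check the server applies to the client certificate has to run on resumed connections as well. That check is not visible here, since tls_init's body extends outside the hunk.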
--
2.32.0
Is there anything preventing this being merged?