~sircmpwn/gmni-devel

set session id context v1 PROPOSED

mbays
2 months ago 
mbays: 2
 set session id context
 set session id context

 2 files changed, 2 insertions(+), 0 deletions(-)
Martin Bays
29 days ago 
Is there anything preventing this being merged?
Drew DeVault
29 days ago 
Yes. You never answered my feedback.






    
    
    
    Martin Bays
    
    
  



29 days ago





* Thursday, 2021-08-26 at 08:57 +0200 - Drew DeVault <sir@cmpwn.com>:





            
              Next 







Drew DeVault




28 days ago





I see it now. Don't send it to the same thread: make a new one with
[PATCH gmnisrv v2].










Export patchset (mbox) 


How do I use this?


              Copy & paste the following snippet into your terminal to
              import this patchset into git:
            


curl -s https://lists.sr.ht/~sircmpwn/gmni-devel/patches/23925/mbox | git am -3

Learn more about email & git 






View this thread in the archives 




















        [PATCH] set session id context
        
          Export this patch 







    
    
    
    mbays
    
    
  



2 months ago





This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
 src/tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls.c b/src/tls.c
index 0e092d3..9753131 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
	assert(r == 1);

	SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
	SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
	SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
	// use always_true_callback to ignore errors such as self-signed error
	SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
-- 
2.32.0








Drew DeVault




2 months ago





> This is necessary now client certificates are supported.
> Without it, an attempt to resume a session fails with
> "ssl_get_prev_session:session id context uninitialized".
> ---
> src/tls.c | 1 +
> 1 file changed, 1 insertion(+)
> 
> diff --git a/src/tls.c b/src/tls.c
> index 0e092d3..9753131 100644
> --- a/src/tls.c
> +++ b/src/tls.c
> @@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
> assert(r == 1);
> 
> SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
> + SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
Style nit: no space between ) and " here





        [PATCH] set session id context
        
          Export this patch 







    
    
    
    mbays
    
    
  



2 months ago





This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
 src/tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls.c b/src/tls.c
index 0e092d3..02d7ab7 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
	assert(r == 1);

	SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
	SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*)"gmnisrv", 7);
	SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
	// use always_true_callback to ignore errors such as self-signed error
	SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
-- 
2.32.0








    
    
    
    Martin Bays
    
    
  



29 days ago





Is there anything preventing this being merged?