~sircmpwn/gmni-devel

set session id context v1 PROPOSED

mbays
mbays: 2
 set session id context
 set session id context

 2 files changed, 2 insertions(+), 0 deletions(-)
Martin Bays
Is there anything preventing this being merged?
Yes. You never answered my feedback.

Martin Bays
* Thursday, 2021-08-26 at 08:57 +0200 - Drew DeVault <sir@cmpwn.com>:
I see it now. Don't send it to the same thread: make a new one with
[PATCH gmnisrv v2].

[PATCH] set session id context

mbays
This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
 src/tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls.c b/src/tls.c
index 0e092d3..9753131 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
	assert(r == 1);

	SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
	SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
	SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
	// use always_true_callback to ignore errors such as self-signed error
	SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
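Review bot: The return value of the new SSL_CTX_set_session_id_context() call in tls_init() is discarded, while the first context line of this hunk shows the file's convention of checking setup calls with `assert(r == 1);`. The function returns 1 on success and 0 on failure, so a failure here would go unnoticed and resumption would fail again with the "session id context uninitialized" error from the commit message. Suggest assigning the result to `r` and following it with `assert(r == 1);` like the earlier call.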
-- 
2.32.0
> This is necessary now client certificates are supported.
> Without it, an attempt to resume a session fails with
> "ssl_get_prev_session:session id context uninitialized".
> ---
> src/tls.c | 1 +
> 1 file changed, 1 insertion(+)
> 
> diff --git a/src/tls.c b/src/tls.c
> index 0e092d3..9753131 100644
> --- a/src/tls.c
> +++ b/src/tls.c
> @@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
> assert(r == 1);
> 
> SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
> + SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
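Review bot: The length argument `7` on the added line is a hand-counted magic number that has to stay in step with the literal "gmnisrv". Suggest defining the context once as a named `static const unsigned char` array and passing a length computed from it with `sizeof`, so a later change to the string cannot leave a stale length behind.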
Style nit: no space between ) and " here

[PATCH] set session id context

mbays
This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
 src/tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls.c b/src/tls.c
index 0e092d3..02d7ab7 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
	assert(r == 1);

	SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
	SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*)"gmnisrv", 7);
	SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
	// use always_true_callback to ignore errors such as self-signed error
	SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
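Review bot: The added SSL_CTX_set_session_id_context() line carries no comment, and the reason for it is recorded only in the commit message: resumption fails with "session id context uninitialized" now that client certificates are requested by the SSL_CTX_set_verify(..., SSL_VERIFY_PEER, ...) call on the next line. Suggest a one-line comment above the call stating that, in the same style as the `// use always_true_callback ...` comment two lines below, so the call is not later removed as unneeded setup.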
-- 
2.32.0
Martin Bays
Is there anything preventing this being merged?