set session id context — sourcehut lists

mbays: 2
 set session id context
 set session id context

 2 files changed, 2 insertions(+), 0 deletions(-)

Martin Bays <mbays@sdf.org>

11 months ago

Is there anything preventing this being merged?

Drew DeVault <sir@cmpwn.com>

11 months ago

Yes. You never answered my feedback.

Martin Bays <mbays@sdf.org>

11 months ago

You mean the nit about the unnecessary space? I sent a revised patch 
which fixed that.

Martin Bays <mbays@sdf.org>

11 months ago

* Thursday, 2021-08-26 at 08:57 +0200 - Drew DeVault <sir@cmpwn.com>:

Drew DeVault <sir@cmpwn.com>

11 months ago

I see it now. Don't send it to the same thread: make a new one with
[PATCH gmnisrv v2].

Export patchset (mbox)

How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~sircmpwn/gmni-devel/patches/23925/mbox | git am -3

Learn more about email & git

Reply to thread View this thread in the archives

[PATCH] set session id context Export this patch

mbays <mbays@sdf.org>

1 year, 20 days ago

This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
 src/tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls.c b/src/tls.c
index 0e092d3..9753131 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
 	assert(r == 1);
 
 	SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
+	SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
 	SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
 	// use always_true_callback to ignore errors such as self-signed error
 	SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
-- 
2.32.0

Drew DeVault <sir@cmpwn.com>

1 year, 19 days ago

> This is necessary now client certificates are supported.
> Without it, an attempt to resume a session fails with
> "ssl_get_prev_session:session id context uninitialized".
> ---
> src/tls.c | 1 +
> 1 file changed, 1 insertion(+)
> 
> diff --git a/src/tls.c b/src/tls.c
> index 0e092d3..9753131 100644
> --- a/src/tls.c
> +++ b/src/tls.c
> @@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
> assert(r == 1);
> 
> SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
> + SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*) "gmnisrv", 7);
Style nit: no space between ) and " here

[PATCH] set session id context Export this patch

mbays <mbays@sdf.org>

1 year, 19 days ago

This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
---
 src/tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tls.c b/src/tls.c
index 0e092d3..02d7ab7 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -194,6 +194,7 @@ tls_init(struct gmnisrv_config *conf)
 	assert(r == 1);
 
 	SSL_CTX_set_tlsext_servername_callback(conf->tls.ssl_ctx, NULL);
+	SSL_CTX_set_session_id_context(conf->tls.ssl_ctx, (const unsigned char*)"gmnisrv", 7);
 	SSL_CTX_set_verify(conf->tls.ssl_ctx, SSL_VERIFY_PEER, NULL);
 	// use always_true_callback to ignore errors such as self-signed error
 	SSL_CTX_set_cert_verify_callback(conf->tls.ssl_ctx, always_true_callback, NULL);
-- 
2.32.0

Martin Bays <mbays@sdf.org>

11 months ago
Is there anything preventing this being merged?

~sircmpwn/gmni-devel

set session id context v1 PROPOSED

[PATCH] set session id context Export this patch

[PATCH] set session id context Export this patch