[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    SSL session reuse crash (BR73916)
From:       Waldo Bastian <bastian () kde ! org>
Date:       2004-02-01 15:07:45
Message-ID: 200402011607.45903.bastian () kde ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have applied the attached patch to prevent a SSL session id reuse crash. 
Someone who actually knows how SSL session id reuse is supposed to work may 
want to have a look at this to see if this is the correct solution or whether 
things go wrong earlier already.

See http://bugs.kde.org/show_bug.cgi?id=73916 for details.

Cheers,
Waldo
- -- 
bastian@kde.org -=|[ SUSE, The Linux Desktop Experts ]|=- bastian@suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAHRZBN4pvrENfboIRAn7sAJ9FGj6jiYOfauYw7uUFT8EXzg58hgCeKa6D
FLjxkaSk5hHo6NY/sGvoza0=
=tkaN
-----END PGP SIGNATURE-----

["kssl_session_reuse.patch" (text/x-diff)]

Index: kssl.cc
===================================================================
RCS file: /home/kde/kdelibs/kio/kssl/kssl.cc,v
retrieving revision 1.75
diff -u -r1.75 kssl.cc
--- kssl.cc	6 Oct 2003 03:50:53 -0000	1.75
+++ kssl.cc	1 Feb 2004 14:56:02 -0000
@@ -282,7 +282,12 @@
 		return -1;
 
 	if (d->session) {
-		if (1 == d->kossl->SSL_set_session(d->m_ssl,
+		if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
+		{
+			kdDebug(7029) << "Can't reuse session, no certificate." << endl;
+			delete d->session;
+			d->session = 0;
+		} else if (1 == d->kossl->SSL_set_session(d->m_ssl,
 			static_cast<SSL_SESSION*>(d->session->_session))) {
 			kdDebug(7029) << "Session ID is being reused." << endl;
 		} else {
@@ -363,7 +368,12 @@
 		return -1;
 
 	if (d->session) {
-		if (1 == d->kossl->SSL_set_session(d->m_ssl,
+		if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
+		{
+			kdDebug(7029) << "Can't reuse session, no certificate." << endl;
+			delete d->session;
+			d->session = 0;
+		} else if (1 == d->kossl->SSL_set_session(d->m_ssl,
 			static_cast<SSL_SESSION*>(d->session->_session))) {
 			kdDebug(7029) << "Session ID is being reused." << endl;
 		} else {


[prev in list] [next in list] [prev in thread] [next in thread]