From kfm-devel  Tue Feb 03 10:54:42 2004
From: George Staikos <staikos () kde ! org>
Date: Tue, 03 Feb 2004 10:54:42 +0000
To: kfm-devel
Subject: Re: SSL session reuse crash (BR73916)
Message-Id: <200402030554.42336.staikos () kde ! org>
X-MARC-Message: https://marc.info/?l=kfm-devel&m=107580571826973

On Sunday 01 February 2004 10:07, Waldo Bastian wrote:
> I have applied the attached patch to prevent a SSL session id reuse crash.
> Someone who actually knows how SSL session id reuse is supposed to work may
> want to have a look at this to see if this is the correct solution or
> whether things go wrong earlier already.
>
> See http://bugs.kde.org/show_bug.cgi?id=73916 for details.

  There are other possible crashes too.  I just haven't had time to fix them 
all yet.  Changing from SSLv3 to v2 or vice versa and reusing the session 
crashes inside openssl.  I'm not even sure it's up to us to fix this anyway.  
Your patch looks reasonable, but I want to double check to make sure that the 
cache doesn't remain inconsistent in this case.

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/