|
 |
1fc17eb |
*) In the SSL/TLS server implementation, be strict about session ID
|
|
|
1fc17eb |
context matching (which matters if an application uses a single
|
|
|
1fc17eb |
external cache for different purposes). Previously,
|
|
|
1fc17eb |
out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
|
|
|
1fc17eb |
set. This did ensure strict client verification, but meant that,
|
|
|
1fc17eb |
with applications using a single external cache for quite
|
|
|
1fc17eb |
different requirements, clients could circumvent ciphersuite
|
|
|
1fc17eb |
restrictions for a given session ID context by starting a session
|
|
|
1fc17eb |
in a different context.
|
|
|
1fc17eb |
diff -up openssl-0.9.7a/ssl/ssl_sess.c.strict-matching openssl-0.9.7a/ssl/ssl_sess.c
|
|
|
1fc17eb |
--- openssl-0.9.7a/ssl/ssl_sess.c.strict-matching 2002-11-28 09:09:03.000000000 +0100
|
|
|
1fc17eb |
+++ openssl-0.9.7a/ssl/ssl_sess.c 2007-08-02 16:17:29.000000000 +0200
|
|
|
1fc17eb |
@@ -322,33 +322,35 @@ int ssl_get_prev_session(SSL *s, unsigne
|
|
|
1fc17eb |
|
|
|
1fc17eb |
/* Now ret is non-NULL, and we own one of its reference counts. */
|
|
|
1fc17eb |
|
|
|
1fc17eb |
- if((s->verify_mode&SSL_VERIFY_PEER)
|
|
|
1fc17eb |
- && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
|
|
|
1fc17eb |
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
|
|
|
1fc17eb |
- {
|
|
|
1fc17eb |
+ if (ret->sid_ctx_length != s->sid_ctx_length
|
|
|
1fc17eb |
+ || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
|
|
|
1fc17eb |
+ {
|
|
|
1fc17eb |
/* We've found the session named by the client, but we don't
|
|
|
1fc17eb |
* want to use it in this context. */
|
|
|
1fc17eb |
-
|
|
|
1fc17eb |
- if (s->sid_ctx_length == 0)
|
|
|
1fc17eb |
- {
|
|
|
1fc17eb |
- /* application should have used SSL[_CTX]_set_session_id_context
|
|
|
1fc17eb |
- * -- we could tolerate this and just pretend we never heard
|
|
|
1fc17eb |
- * of this session, but then applications could effectively
|
|
|
1fc17eb |
- * disable the session cache by accident without anyone noticing */
|
|
|
1fc17eb |
|
|
|
1fc17eb |
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
|
|
|
1fc17eb |
- fatal = 1;
|
|
|
1fc17eb |
- goto err;
|
|
|
1fc17eb |
- }
|
|
|
1fc17eb |
- else
|
|
|
1fc17eb |
- {
|
|
|
1fc17eb |
#if 0 /* The client cannot always know when a session is not appropriate,
|
|
|
1fc17eb |
- * so we shouldn't generate an error message. */
|
|
|
1fc17eb |
+ * so we shouldn't generate an error message. */
|
|
|
1fc17eb |
|
|
|
1fc17eb |
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
|
|
|
1fc17eb |
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
|
|
|
1fc17eb |
#endif
|
|
|
1fc17eb |
- goto err; /* treat like cache miss */
|
|
|
1fc17eb |
- }
|
|
|
1fc17eb |
+ goto err; /* treat like cache miss */
|
|
|
1fc17eb |
+ }
|
|
|
1fc17eb |
+
|
|
|
1fc17eb |
+ if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
|
|
|
1fc17eb |
+ {
|
|
|
1fc17eb |
+ /* We can't be sure if this session is being used out of
|
|
|
1fc17eb |
+ * context, which is especially important for SSL_VERIFY_PEER.
|
|
|
1fc17eb |
+ * The application should have used SSL[_CTX]_set_session_id_context.
|
|
|
1fc17eb |
+ *
|
|
|
1fc17eb |
+ * For this error case, we generate an error instead of treating
|
|
|
1fc17eb |
+ * the event like a cache miss (otherwise it would be easy for
|
|
|
1fc17eb |
+ * applications to effectively disable the session cache by
|
|
|
1fc17eb |
+ * accident without anyone noticing).
|
|
|
1fc17eb |
+ */
|
|
|
1fc17eb |
+
|
|
|
1fc17eb |
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
|
|
|
1fc17eb |
+ fatal = 1;
|
|
|
1fc17eb |
+ goto err;
|
|
|
1fc17eb |
}
|
|
|
1fc17eb |
|
|
|
1fc17eb |
if (ret->cipher == NULL)
|