Skip to content
  • Yann Ylavic's avatar
    Merge r1736186 from trunk: · 10732433
    Yann Ylavic authored
    mod_ssl: return non ambiguous value in ssl_callback_SessionTicket() for
    encryption mode (we used to return 0, OpenSSL documents returning 1 instead).
    
    Practically this does not change anything since OpenSSL will only check for
    >= 0 return value (non error) for encryption mode (the other possible return
    values are only relevant for decryption mode).
    
    However the OpenSSL documentation for SSL_CTX_set_tlsext_ticket_key_cb()
    states:
    "
    The return value of the cb function is used by OpenSSL to determine what
    further processing will occur. The following return values have meaning:
    
    2
        This indicates that the ctx and hctx have been set and the session can
        continue on those parameters. Additionally it indicates that the session
        ticket is in a renewal period and should be replaced. The OpenSSL library
        will call cb again with an enc argument of 1 to set the new ticket (see
        RFC5077 3.3 paragraph 2).
    
    1
        This indicates that the ctx and hctx have been set and the session can
        continue on those parameters.
    
    0
        This indicates that it was not possible to set/retrieve a session ticket
        and the SSL/TLS session will continue by by negotiating a set of
        cryptographic parameters or using the alternate SSL/TLS resumption
        mechanism, session ids.
        If called with enc equal to 0 the library will call the cb again to get a
        new set of parameters.
    
    less than 0
        This indicates an error.
    "
    
    So 0 is not appropriate in our code, 1 is what we really want (and it won't
    break if OpenSSL later changes its checks on the callback return value).
    
    Reported/Proposed by: oknet on github, pull request #18.
    Reviewed by: jorton, ylavic, wrowe
    [Closes #18]
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1811742 13f79535-47bb-0310-9956-ffa450edef68
    10732433
To find the state of this project's repository at the time of any of these versions, check out the tags.