Loading CHANGES +10 −1 Original line number Diff line number Diff line Loading @@ -4,7 +4,16 @@ Changes between 0.9.7m and 0.9.7n [xx XXX xxxx] *) *) In the SSL/TLS server implementation, be strict about session ID context matching (which matters if an application uses a single external cache for different purposes). Previously, out-of-context reuse was forbidden only if SSL_VERIFY_PEER was set. This did ensure strict client verification, but meant that, with applications using a single external cache for quite different requirements, clients could circumvent ciphersuite restrictions for a given session ID context by starting a session in a different context. [Bodo Moeller] Changes between 0.9.7l and 0.9.7m [23 Feb 2007] Loading ssl/ssl_sess.c +23 −21 Original line number Diff line number Diff line Loading @@ -322,26 +322,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) /* Now ret is non-NULL, and we own one of its reference counts. */ if((s->verify_mode&SSL_VERIFY_PEER) && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) if (ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) { /* We've found the session named by the client, but we don't * want to use it in this context. */ if (s->sid_ctx_length == 0) { /* application should have used SSL[_CTX]_set_session_id_context * -- we could tolerate this and just pretend we never heard * of this session, but then applications could effectively * disable the session cache by accident without anyone noticing */ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } else { #if 0 /* The client cannot always know when a session is not appropriate, * so we shouldn't generate an error message. */ Loading @@ -349,6 +335,22 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) #endif goto err; /* treat like cache miss */ } if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { /* We can't be sure if this session is being used out of * context, which is especially important for SSL_VERIFY_PEER. * The application should have used SSL[_CTX]_set_session_id_context. * * For this error case, we generate an error instead of treating * the event like a cache miss (otherwise it would be easy for * applications to effectively disable the session cache by * accident without anyone noticing). */ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } if (ret->cipher == NULL) Loading Loading
CHANGES +10 −1 Original line number Diff line number Diff line Loading @@ -4,7 +4,16 @@ Changes between 0.9.7m and 0.9.7n [xx XXX xxxx] *) *) In the SSL/TLS server implementation, be strict about session ID context matching (which matters if an application uses a single external cache for different purposes). Previously, out-of-context reuse was forbidden only if SSL_VERIFY_PEER was set. This did ensure strict client verification, but meant that, with applications using a single external cache for quite different requirements, clients could circumvent ciphersuite restrictions for a given session ID context by starting a session in a different context. [Bodo Moeller] Changes between 0.9.7l and 0.9.7m [23 Feb 2007] Loading
ssl/ssl_sess.c +23 −21 Original line number Diff line number Diff line Loading @@ -322,26 +322,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) /* Now ret is non-NULL, and we own one of its reference counts. */ if((s->verify_mode&SSL_VERIFY_PEER) && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) if (ret->sid_ctx_length != s->sid_ctx_length || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)) { /* We've found the session named by the client, but we don't * want to use it in this context. */ if (s->sid_ctx_length == 0) { /* application should have used SSL[_CTX]_set_session_id_context * -- we could tolerate this and just pretend we never heard * of this session, but then applications could effectively * disable the session cache by accident without anyone noticing */ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } else { #if 0 /* The client cannot always know when a session is not appropriate, * so we shouldn't generate an error message. */ Loading @@ -349,6 +335,22 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) #endif goto err; /* treat like cache miss */ } if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) { /* We can't be sure if this session is being used out of * context, which is especially important for SSL_VERIFY_PEER. * The application should have used SSL[_CTX]_set_session_id_context. * * For this error case, we generate an error instead of treating * the event like a cache miss (otherwise it would be easy for * applications to effectively disable the session cache by * accident without anyone noticing). */ SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); fatal = 1; goto err; } if (ret->cipher == NULL) Loading
