[openssl-commits] [openssl] OpenSSL source code branch master updated. 61aa44ca99473f9cabdfb2d3b35abd0b473437d1

Emilia Kasper emilia at openssl.org
Mon Jan 5 16:32:23 UTC 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, master has been updated
       via  61aa44ca99473f9cabdfb2d3b35abd0b473437d1 (commit)
      from  4c52816d35681c0533c25fdd3abb4b7c6962302d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 61aa44ca99473f9cabdfb2d3b35abd0b473437d1
Author: Adam Langley <agl at chromium.org>
Date:   Mon Jan 5 17:28:33 2015 +0100

    Ensure that the session ID context of an SSL* is updated
    when its SSL_CTX is updated.
    
    From BoringSSL commit
    https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 CHANGES       |    7 +++++++
 ssl/ssl_lib.c |   15 +++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/CHANGES b/CHANGES
index c076df8..c444b24 100644
--- a/CHANGES
+++ b/CHANGES
@@ -659,6 +659,13 @@
 
  Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
 
+  *) Ensure that the session ID context of an SSL is updated when its
+     SSL_CTX is updated via SSL_set_SSL_CTX.
+
+     The session ID context is typically set from the parent SSL_CTX,
+     and can vary with the CTX.
+     [Adam Langley]
+
   *) Fix various certificate fingerprint issues.
 
      By using non-DER or invalid encodings outside the signed portion of a
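Review bot: the entry should mention the call-order caveat that the ssl_lib.c comment in this same commit states, namely that a context set on the SSL object with SSL_set_session_id_context() before SSL_set_SSL_CTX() is overwritten by the inherited copy. As written, a reader of the release notes would not learn that the fix changes behaviour for applications that set the per-SSL context first; one sentence such as "Applications that set a per-SSL session ID context must do so after calling SSL_set_SSL_CTX()" would make that visible.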
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 347ca5e..1552fd9 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3194,6 +3194,21 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 	if (ssl->ctx != NULL)
 		SSL_CTX_free(ssl->ctx); /* decrement reference count */
 	ssl->ctx = ctx;
+
+	/*
+	 * Inherit the session ID context as it is typically set from the
+	 * parent SSL_CTX, and can vary with the CTX.
+	 * Note that per-SSL SSL_set_session_id_context() will not persist
+	 * if called before SSL_set_SSL_CTX.
+	 */
+	ssl->sid_ctx_length = ctx->sid_ctx_length;
+	/*
+	 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+	 * so setter APIs must prevent invalid lengths from entering the system.
+	 */
+	OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
+	memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+
 	return(ssl->ctx);
 	}
 
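Review bot: the inherited copy unconditionally overwrites ssl->sid_ctx, so a value an application set with SSL_set_session_id_context() before SSL_set_SSL_CTX() is silently replaced by the new SSL_CTX's context; the comment acknowledges this, but the SSL_set_SSL_CTX() documentation should state the required call order too, since the behaviour change is otherwise only discoverable by reading this function. Two smaller points: `ctx` is dereferenced here (`ctx->sid_ctx_length`) without a check visible in this hunk, so confirm that a NULL argument is rejected or substituted earlier in the function before this point; and `memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx))` would read more naturally as `memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx))` (the arrays themselves rather than their addresses), and the `sizeof ssl->sid_ctx` in the assert and `sizeof(ssl->sid_ctx)` in the memcpy should use one form.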


hooks/post-receive
-- 
OpenSSL source code

