[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

kaduk at mit.edu kaduk at mit.edu
Wed Mar 21 00:41:05 UTC 2018

The branch OpenSSL_1_1_0-stable has been updated
       via  8e4057768586961942851d89287f43969352127a (commit)
      from  b9b5e7144af84dd9b66d31ed6d009b40c5bcd514 (commit)

- Log -----------------------------------------------------------------
commit 8e4057768586961942851d89287f43969352127a
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Fri Jan 26 11:16:21 2018 -0600

    Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER

    The sid_ctx is something of a "certificate request context" or a
    "session ID context" -- something from the application that gives
    extra indication of what sort of thing this session is/was for/from.
    Without a sid_ctx, we only know that there is a session that we
    issued, but it could have come from a number of things, especially
    with an external (shared) session cache.  Accordingly, when resuming,
    we will hard-error the handshake when presented with a session with
    zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no
    information about the peer to verify, so the verification must fail.

    In order to prevent these future handshake failures, proactively
    decline to add the problematic sessions to the session cache.

    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5175)
    (cherry picked from commit d316cdcf6d8d6934663278145fe0a8191e14a8c5)


Summary of changes:
 ssl/ssl_lib.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d833e33..bb329ad 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3032,6 +3032,18 @@ void ssl_update_cache(SSL *s, int mode)
     if (s->session->session_id_length == 0)
+    /*
+     * If sid_ctx_length is 0 there is no specific application context
+     * associated with this session, so when we try to resume it and
+     * SSL_VERIFY_PEER is requested, we have no indication that this is
+     * actually a session for the proper application context, and the
+     * *handshake* will fail, not just the resumption attempt.
+     * Do not cache these sessions that are not resumable.
+     */
+    if (s->session->sid_ctx_length == 0
+            && (s->verify_mode & SSL_VERIFY_PEER) != 0)
+        return;
     i = s->session_ctx->session_cache_mode;
     if ((i & mode) && (!s->hit)
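
Review bot: The new early `return` on `s->session->sid_ctx_length == 0 && (s->verify_mode & SSL_VERIFY_PEER) != 0` drops the session silently, so an application that sets SSL_VERIFY_PEER but never configured a session ID context loses session caching with no error or trace, and the diffstat shows only ssl/ssl_lib.c touched, with no documentation or test alongside. Suggest documenting next to the session ID context API that an empty context disables caching when SSL_VERIFY_PEER is set, and adding a regression test for that combination. Separately, because the check sits ahead of the `i = s->session_ctx->session_cache_mode;` test, it exits the whole of ssl_update_cache rather than only skipping the add; confirm that nothing further down in the function (not visible in this hunk) has to run for these sessions, and if something does, fold the condition into the add branch instead.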
