resumption problem
Jeremy Harris
jgh at wizmail.org
Fri Mar 27 22:10:16 UTC 2020
On 27/03/2020 21:52, Viktor Dukhovni wrote:
> On Fri, Mar 27, 2020 at 09:25:28PM +0000, Jeremy Harris wrote:
>
>>> If the distro started with 1.1.1 and only backported security fixes, you
>>> could be running an OpenSSL version with the unintentional bidirectional
>>> setting.
>>
>> .. either this, or even an unpatched basic 1.1.1 .
>>
>> A simple code addition to avoid that call in the client case sounds
>> in order.
Testing, it appears to work - I get resumption and not that error.
And the Exim testsuite shows no regressions, at least on my laptop
(which is Fedora 31, with 1.1.1d).
>>> Another possibility is that your system-wide openssl.cnf file has a
>>> "RequestCAFile" or "ClientCAFile" setting.
>>
>> Neither appears to be present in /etc/pki/tls/openssl.cnf
>
> And neither has any ".include" directives?
One, but that file doesn't have either string, either.
--
Cheers,
Jeremy
More information about the openssl-users
mailing list