On Thu, Apr 11, 2002 at 02:35:16PM +0200, "Øivind H. Danielsen" wrote:
> The following two ssl3 negotiations illustrate a problem I have
> been having with the local variable got_new_session in the
> (s3_srvr.c) SSL3_accept function:

[analysis deleted]

You do not state which version of openssl you are using. There was a bug
in 0.9.6c that was fixed in current snapshots (and therefore will be
fixed in 0.9.6d and 0.9.7):
  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
     variable as an indication that a ClientHello message has been
     received.  As the flag value will be lost between multiple
     invocations of ssl3_accept when using non-blocking I/O, the
     function may not be aware that a handshake has actually taken
     place, thus preventing a new session from being added to the
     session cache.

     To avoid this problem, we now set s->new_session to 2 instead of
     using a local variable.
     [Lutz Jaenicke, Bodo Moeller]

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
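
The failure mode described in the changelog entry above, as an added example that is not part of the original message and is not OpenSSL source. It is a simplified re-entrant accept loop: every name except got_new_session and new_session is hypothetical, and msgs_ready is a constructed stand-in for socket input.

```c
#include <stdio.h>
/* Simplified model, NOT OpenSSL source. All names are hypothetical except
 * got_new_session and new_session, which mirror the names in the message. */
enum state { ST_READ_HELLO, ST_READ_FINISHED, ST_DONE };
struct conn {
    enum state st;
    int new_session; /* per-connection flag: survives re-entry */
    int msgs_ready;  /* constructed stand-in for readable socket input */
    int cached;      /* 1 once the session was added to the cache */
};
/* persistent == 0: old pattern (local flag); persistent == 1: fixed pattern. */
static int do_accept(struct conn *c, int persistent)
{
    int got_new_session = 0; /* local: reset on every invocation */
    for (;;) {
        switch (c->st) {
        case ST_READ_HELLO:
            if (!c->msgs_ready) return -1; /* would block, caller retries */
            c->msgs_ready--;
            if (persistent) c->new_session = 2; else got_new_session = 1;
            c->st = ST_READ_FINISHED;
            break;
        case ST_READ_FINISHED:
            if (!c->msgs_ready) return -1; /* would block, caller retries */
            c->msgs_ready--;
            c->st = ST_DONE;
            break;
        default: /* ST_DONE: handshake complete, decide whether to cache */
            if (persistent ? c->new_session == 2 : got_new_session)
                c->cached = 1;
            return 1;
        }
    }
}

/* Runs one handshake; returns 1 if the session reached the cache. */
int handshake_cached(int persistent, int nonblocking)
{
    struct conn c = { ST_READ_HELLO, 0, nonblocking ? 1 : 2, 0 };
    while (do_accept(&c, persistent) < 0)
        c.msgs_ready = 1; /* next message arrives, caller re-enters */
    return c.cached;
}

int main(void)
{
    printf("local flag, non-blocking: cached=%d\n", handshake_cached(0, 1));
    printf("per-connection flag:      cached=%d\n", handshake_cached(1, 1));
    return 0;
}
```

With blocking I/O both patterns cache the session, because the whole handshake completes inside a single invocation and the local flag is still set when the final state is reached.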
