Hi Lutz,

Apologies, I should have included a stack trace with the bug report.
FYI - attached is a Windows/Apache 2.2.6/OpenSSL 0.9.8f VC8 stack trace. The problem is not Windows-specific. I observe it on several platforms.

This patch seems to correct the problem by checking for a zero-length previous session_id:

=================================================================
--- ssl/s3_srvr.orig 2007-09-30 14:56:00.000000000 -0400 +++ ssl/s3_srvr.c 2007-10-17 12:51:58.311934000 -0400 @@ -743,7 +743,7 @@ * might be written that become totally unsecure when compiled with * an earlier library version) */ - if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) + if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { if (!ssl_get_new_session(s,1)) goto err;
=================================================================

Regards,
-tom-

Lutz Jaenicke via RT wrote:
>> [EMAIL PROTECTED] - Wed Oct 17 18:11:27 2007]:
>>
>> Starting with OpenSSL 0.9.8f, ssl3_get_client_hello() no longer tests
>> whether the client proposed a
>> previous session_id before trying to process it. In previous releases,
>> a new session was always
>> created if no previous session was proposed (i.e. if j==0 at
>> ssl\s3_srvr.c:746)
>
> The problem is being worked upon.
>
> Best regards,
> Lutz
>
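Review bot: the new `j == 0` test on the changed `if` line has no comment, and the comment block above it only explains the `SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` case, so the hunk alone does not tell a reader that `j` is the length of the session_id the client proposed or why zero must force `ssl_get_new_session(s,1)`. Extend the comment with a line saying that an empty session_id means no resumption was requested. The check also guards only this call site: the attached trace shows `ssl_get_prev_session()` accepting `len=0` and handing `idlen=0` to the application's session cache callback, so a length check inside `ssl_get_prev_session()` itself is worth considering in addition.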
Windows Apache 2.2.6 OpenSSL 0.9.8f Visual Studio 2005 SP1

[Wed Oct 17 12:11:39 2007] [error] unusably short session_id provided (0 bytes)

> libhttpd.dll!log_error_core(const char * file=0x6fd22d54, int line=0x000002d3, int level=0x00000003, int status=0x00000000, const server_rec * s=0x0093bf40, const conn_rec * c=0x00000000, const request_rec * r=0x00000000, apr_pool_t * pool=0x00000000, const char * fmt=0x6fd22d24, char * args=0x048afa90) Line 658 C
  libhttpd.dll!ap_log_error(const char * file=0x6fd22d54, int line=0x000002d3, int level=0x00000003, int status=0x00000000, const server_rec * s=0x0093bf40, const char * fmt=0x6fd22d24, ...) Line 677 + 0x27 bytes C
  mod_ssl.so!shmcb_retrieve_session(server_rec * s=0x0093bf40, void * shm_segment=0x00b80008, unsigned char * id=0x009e69df, int idlen=0x00000000) Line 724 + 0x21 bytes C
  mod_ssl.so!ssl_scache_shmcb_retrieve(server_rec * s=0x0093bf40, unsigned char * id=0x009e69df, int idlen=0x00000000) Line 432 + 0x18 bytes C
  mod_ssl.so!ssl_scache_retrieve(server_rec * s=0x0093bf40, unsigned char * id=0x009e69df, int idlen=0x00000000) Line 115 + 0x11 bytes C
  mod_ssl.so!ssl_callback_GetSessionCacheEntry(ssl_st * ssl=0x009ddfd0, unsigned char * id=0x009e69df, int idlen=0x00000000, int * do_copy=0x048afb50) Line 1670 + 0x11 bytes C
  ssleay32.dll!ssl_get_prev_session(ssl_st * s=0x009ddfd0, unsigned char * session_id=0x009e69df, int len=0x00000000, const unsigned char * limit=0x009e69f9) Line 352 + 0x34 bytes C
  ssleay32.dll!ssl3_get_client_hello(ssl_st * s=0x009ddfd0) Line 753 + 0x18 bytes C
  ssleay32.dll!ssl3_accept(ssl_st * s=0x009ddfd0) Line 282 + 0x9 bytes C
  ssleay32.dll!SSL_accept(ssl_st * s=0x009ddfd0) Line 850 + 0xf bytes C
  ssleay32.dll!ssl23_get_client_hello(ssl_st * s=0x009ddfd0) Line 568 + 0x9 bytes C
  ssleay32.dll!ssl23_accept(ssl_st * s=0x009ddfd0) Line 203 + 0x9 bytes C
  ssleay32.dll!SSL_accept(ssl_st * s=0x009ddfd0) Line 850 + 0xf bytes C
  mod_ssl.so!ssl_io_filter_connect(ssl_filter_ctx_t * filter_ctx=0x009db488) Line 1047 + 0xb bytes C
  mod_ssl.so!ssl_io_filter_input(ap_filter_t * f=0x009e36a8, apr_bucket_brigade * bb=0x009e5560, ap_input_mode_t mode=AP_MODE_GETLINE, apr_read_type_e block=APR_BLOCK_READ, __int64 readbytes=0x0000000000000000) Line 1292 + 0xf bytes C
  libhttpd.dll!ap_get_brigade(ap_filter_t * next=0x009e36a8, apr_bucket_brigade * bb=0x009e5560, ap_input_mode_t mode=AP_MODE_GETLINE, apr_read_type_e block=APR_BLOCK_READ, __int64 readbytes=0x0000000000000000) Line 490 + 0x22 bytes C
  libhttpd.dll!ap_rgetline_core(char * * s=0x009e4788, unsigned int n=0x00002000, unsigned int * read=0x048afeb4, request_rec * r=0x009e4770, int fold=0x00000000, apr_bucket_brigade * bb=0x009e5560) Line 232 + 0x1b bytes C
  libhttpd.dll!read_request_line(request_rec * r=0x009e4770, apr_bucket_brigade * bb=0x009e5560) Line 597 + 0x27 bytes C
  libhttpd.dll!ap_read_request(conn_rec * conn=0x009dafd8) Line 891 + 0xd bytes C
  libhttpd.dll!ap_process_http_connection(conn_rec * c=0x009dafd8) Line 177 + 0x9 bytes C
  libhttpd.dll!ap_run_process_connection(conn_rec * c=0x009dafd8) Line 43 + 0x50 bytes C
  libhttpd.dll!ap_process_connection(conn_rec * c=0x009dafd8, void * csd=0x009d5f60) Line 180 C
  libhttpd.dll!worker_main(void * thread_num_val=0x000000f0) Line 777 C
  msvcr80d.dll!__beginthreadex() + 0x221 bytes
  msvcr80d.dll!__beginthreadex() + 0x1c7 bytes
  [EMAIL PROTECTED]() + 0x52 bytes