From 5762a0db0a606cab09fbf912232ee927f99f4c2d Mon Sep 17 00:00:00 2001 From: Emeric Brun Date: Fri, 6 Sep 2019 15:36:02 +0200 Subject: [PATCH] BUG/MAJOR: ssl: ssl_sock was not fully initialized. 'ssl_sock' wasn't fully initialized so a new session can inherit some flags from an old one. This causes some fetches, related to client's certificate presence or its verify status and errors, returning erroneous values. This issue could generate other unexpected behaviors because a new session could also inherit other flags such as SSL_SOCK_ST_FL_16K_WBFSIZE, SSL_SOCK_SEND_UNLIMITED, or SSL_SOCK_RECV_HEARTBEAT from an old session. This must be backported to 2.0 but it's useless for previous. --- src/ssl_sock.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 06da1d921..7796bf907 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5173,6 +5173,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx) ctx->conn = conn; ctx->send_wait = NULL; ctx->recv_wait = NULL; + ctx->xprt_st = 0; + ctx->xprt_ctx = NULL; /* Only work with sockets for now, this should be adapted when we'll * add QUIC support.