From 9fa8973abb84d30888759c8f3690c86ec708873f Mon Sep 17 00:00:00 2001
From: Emeric Brun
Date: Thu, 4 Oct 2012 17:09:56 +0200
Subject: [PATCH] BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes

On server's configuration change, if the previously used cipher is disabled, all subsequent connect attempts fail. Fix consists in freeing cached session on handshake failure.
---
 src/ssl_sock.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 88a5adb7d..9f6119865 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -747,6 +747,12 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
 return 1;
 
 out_error:
+ /* free resumed session if exists */
+ if (target_srv(&conn->target) && target_srv(&conn->target)->ssl_ctx.reused_sess) {
+ SSL_SESSION_free(target_srv(&conn->target)->ssl_ctx.reused_sess);
+ target_srv(&conn->target)->ssl_ctx.reused_sess = NULL;
+ }
+
 /* Fail on all other handshake errors */
 conn->flags |= CO_FL_ERROR;
 conn->flags &= ~flag;
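Review bot: The added block evaluates `target_srv(&conn->target)` four times in as many lines; a single local would read better and avoid repeating the lookup, but since the block sits directly after the `out_error:` label the local must be declared with the function's other locals at the top of ssl_sock_handshake (which begins outside this hunk), because C11 does not permit a declaration immediately after a label. The comment `/* free resumed session if exists */` states what and not why; I would replace it with `/* Drop the cached session: after a server config change (e.g. the cipher it was negotiated with is now disabled) every resumption attempt fails, so force a full handshake on the next connect. */`. Worth noting that the session is released on every path reaching out_error, including transient network failures, so one lost packet evicts the cache entry; that seems acceptable provided the entry is refilled on the next successful handshake, which this hunk does not show. `SSL_SESSION_free` only drops the cache's own reference, so the SSL object of the failing connection, which presumably took its own reference when the session was set, should be unaffected.
```c
	struct server *srv;          /* declared with the function's locals, outside this hunk */
	/* … unchanged: handshake logic … */
 out_error:
	srv = target_srv(&conn->target);
	/* Drop the cached session: after a server config change every resumption
	 * attempt fails, so force a full handshake on the next connect. */
	if (srv && srv->ssl_ctx.reused_sess) {
		SSL_SESSION_free(srv->ssl_ctx.reused_sess);
		srv->ssl_ctx.reused_sess = NULL;
	}
	/* … unchanged: error flagging … */
```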