#709 SSL session ID cache not working

closed-fixed
libcurl (356)
5
2013-06-21
2007-12-01
pekowski
No

The SSL session ID cache is not working. I discovered that the sessionid variable was always set to 0 (FALSE). I found that this is due to not being part of the Curl_clone_config routine in lib/sslgen.c.

Here is the beginning of the corrected routine with my initials on the added line:

bool
Curl_clone_ssl_config(struct ssl_config_data *source,
                      struct ssl_config_data *dest)
{
  dest->sessionid = source->sessionid; /*RPP*/
  dest->verifyhost = source->verifyhost;
  dest->verifypeer = source->verifypeer;
  dest->version = source->version;
  ...

In addition, it would probably be a good idea to update the Curl_ssl_config_matches routine as follows (again my initials are on the added line):

bool
Curl_ssl_config_matches(struct ssl_config_data* data,
                        struct ssl_config_data* needle)
{
  if((data->version == needle->version) &&
     (data->sessionid == needle->sessionid) && /*RPP*/
     (data->verifypeer == needle->verifypeer) &&
     (data->verifyhost == needle->verifyhost) &&
     safe_strequal(data->CApath, needle->CApath) &&
     safe_strequal(data->CAfile, needle->CAfile) &&
     safe_strequal(data->random_file, needle->random_file) &&
     safe_strequal(data->egdsocket, needle->egdsocket) &&
     safe_strequal(data->cipher_list, needle->cipher_list))
    return TRUE;

  return FALSE;
}
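
Added example, not part of the original report and not libcurl source: a simplified model of why the missing assignment disables session reuse. The struct is a hypothetical subset of ssl_config_data, the cache is reduced to a single flag, and the per-connection config is assumed to start zeroed, matching the report that sessionid was always 0.

```c
#include <stdbool.h>
#include <stdio.h>

struct ssl_config {            /* hypothetical subset of ssl_config_data */
  long version;
  bool verifypeer, verifyhost;
  bool sessionid;              /* session ID cache requested? */
};

/* Clone as described in the report: sessionid is never copied. */
static void clone_buggy(const struct ssl_config *src, struct ssl_config *dst)
{
  dst->verifyhost = src->verifyhost;
  dst->verifypeer = src->verifypeer;
  dst->version = src->version;
}

/* Clone with the reported one-line fix applied. */
static void clone_fixed(const struct ssl_config *src, struct ssl_config *dst)
{
  dst->sessionid = src->sessionid;
  clone_buggy(src, dst);
}

typedef void (*clone_fn)(const struct ssl_config *, struct ssl_config *);

/* Model n connections to one host and return how many needed a full
   handshake. The cache is read and written only when the cloned
   per-connection config has sessionid set. */
static int full_handshakes(clone_fn clone, int n)
{
  struct ssl_config user = { 0, true, true, true };  /* cache requested */
  bool cached = false;
  int full = 0;
  for(int i = 0; i < n; i++) {
    struct ssl_config conn = { 0 };  /* assumed: starts zeroed */
    clone(&user, &conn);
    if(conn.sessionid && cached)
      continue;                      /* session resumed, abbreviated handshake */
    full++;
    if(conn.sessionid)
      cached = true;                 /* remember the session for reuse */
  }
  return full;
}

int main(void)
{
  printf("buggy: %d of 5 full, fixed: %d of 5 full\n",
         full_handshakes(clone_buggy, 5), full_handshakes(clone_fixed, 5));
  return 0;
}
```

With the buggy clone every connection pays for a full handshake even though the user asked for caching; with the fix only the first one does.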

Discussion

  • Daniel Stenberg

    Daniel Stenberg - 2007-12-03

    Thanks a lot!

    The first fix is no doubt correct, but I don't think the second is necessary since it'll use that to check for the id in the cache and it shouldn't be there unless cache is requested...

    BTW, "diff -u" is a much better output to use to provide patches/improvements with!

    If you give me your full name I'll give you proper credit for this fix in the changelog.

     
  • Daniel Stenberg

    Daniel Stenberg - 2007-12-03
    • status: open --> closed-fixed
     
  • pekowski

    pekowski - 2007-12-03

    Good point about the Curl_ssl_config_matches() function. Agreed, the change isn't necessary :-). You can put my name in the change log as Ray Pekowski. That would be cool. And thanks for this awesome tool. We plan to make heavy use of it. Some of the reasons are that it has the functionality we need, like being able to control SSL sessions, and we have the source. Now that I've taken a look at the source I'm very happy with how well written it is. I think we made a good choice.