From: Giovanni Bechis
Date: Tue, 4 Apr 2023 21:34:57 +0000 (+0000)
Subject: add SSL_CTX_set_session_id_context(3) checks
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fae4895b8dbcedfde2933e86859e38d0c94324f0;p=thirdparty%2Fapache%2Fhttpd.git
add SSL_CTX_set_session_id_context(3) checks
bz #66226
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908971 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index 2624afa3656..021188b7975 100644
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-10422
+10423
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 96aaf6602d0..a416ce3f0f4 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -988,9 +988,17 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
 "protocol (%s support secure renegotiation)",
 reneg_support);
- SSL_set_session_id_context(ssl,
+ if(!SSL_set_session_id_context(ssl,
 (unsigned char *)&id,
- sizeof(id));
+ sizeof(id))) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10422)
+ "error setting SSL session context");
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
+
+ r->connection->keepalive = AP_CONN_CLOSE;
+ return HTTP_FORBIDDEN;
+ }
 /* Toggle the renegotiation state to allow the new
 * handshake to proceed.
 */
@@ -2576,7 +2584,9 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
 * a renegotiation.
 */
 if (SSL_num_renegotiations(ssl) == 0) {
- SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2);
+ if(!SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2)) {
+ return 0;
+ }
 }
 /*
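Review bot: In ssl_hook_Access_classic the new failure branch answers with `HTTP_FORBIDDEN`, although a failed SSL_set_session_id_context() is an internal TLS setup error rather than an access decision, and nothing in the hunk says why. If 403 is chosen to fail closed like the other renegotiation exits of this function (they lie outside the hunk, so that is inferred), a short comment above the `return` would record it, for example `/* fail closed: do not renegotiate without the intended session id context */`. The condition is also spelled `if(!SSL_set_session_id_context(ssl,` and followed by an empty added line; `if (!SSL_set_session_id_context(ssl,` without the blank line would match the `if (SSL_num_renegotiations(ssl) == 0) {` spelling visible in the second hunk. The function body starts and ends outside the hunk.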
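Review bot: The new `return 0;` in ssl_find_vhost drops the OpenSSL error silently: unlike the ssl_hook_Access_classic hunk, which logs under APLOGNO(10422) and calls ssl_log_ssl_error(), this branch leaves no trace of why the call failed. I would log before returning, e.g. `ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(NNNNN) "error setting SSL session context");` followed by `ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);`, where NNNNN is a placeholder for a newly allocated tag, so docs/log-message-tags/next-number would need a further bump. What returning 0 means to the caller, and whether earlier statements in this function have already changed the connection's TLS state, is not visible here because the function starts and ends outside the hunk. That is worth checking, since an early exit at this point could leave the connection only partly switched to the selected vhost.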