]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 646b774)
BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation
authorNenad Merdanovic <nmerdan@haproxy.com>
Sun, 14 Apr 2019 14:06:46 +0000 (16:06 +0200)
committerWilly Tarreau <w@1wt.eu>
Mon, 15 Apr 2019 08:09:54 +0000 (10:09 +0200)
Whenever HAProxy was reloaded with rotated keys, the resumption would be
broken for previous encryption key. The bug was introduced with the addition
of 80 byte keys in 9e7547 (MINOR: ssl: add support of aes256 bits ticket keys
on file and cli.).

This fix needs to be backported to 1.9.

include/types/ssl_sock.h patch | blob | blame | history

diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index a2fff77f65f4db5406f36fba2d0fc48580854274..20b08a5c422d421d57994a05e534ca6e75e0f871 100644 (file)
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h
@@ -63,7 +63,7 @@ struct tls_sess_key_256 {
 
 union tls_sess_key{
        unsigned char name[16];
-       struct tls_sess_key_256 key_128;
+       struct tls_sess_key_128 key_128;
        struct tls_sess_key_256 key_256;
 } __attribute__((packed));
 
Mirror of https://github.com/haproxy/haproxy.git