From: Emeric Brun Date: Mon, 26 Nov 2012 17:37:12 +0000 (+0100) Subject: BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert. X-Git-Tag: v1.5-dev15~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=786991e8b7a4f2da9843c5b11dcb0be7ba2c8a92;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert. Openssl session_id_context was not set on cached sessions so handshake returns an error. --- diff --git a/include/proto/shctx.h b/include/proto/shctx.h index 6705664d55..379be355f7 100644 --- a/include/proto/shctx.h +++ b/include/proto/shctx.h @@ -29,6 +29,10 @@ #define SHCTX_DEFAULT_SIZE 20000 #endif +#ifndef SHCTX_APPNAME +#define SHCTX_APPNAME "haproxy" +#endif + #define SHSESS_MAX_ENCODED_LEN SSL_MAX_SSL_SESSION_ID_LENGTH \ + SHSESS_MAX_DATA_LEN \ + SHSESS_MAX_FOOTER_LEN diff --git a/src/shctx.c b/src/shctx.c index 0db443decb..3375ead6c6 100644 --- a/src/shctx.c +++ b/src/shctx.c @@ -447,6 +447,9 @@ void shared_context_set_cache(SSL_CTX *ctx) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_NO_AUTO_CLEAR); + + SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME)); + if (!shctx) return;
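Review bot: SHCTX_APPNAME is added in include/proto/shctx.h as a build-time override with no comment saying that it becomes the OpenSSL session id context, which OpenSSL limits to 32 bytes (SSL_MAX_SID_CTX_LENGTH). An override longer than that would make SSL_CTX_set_session_id_context() in src/shctx.c fail, and that call's return value is not checked in the second hunk, so the resumption failure this commit fixes would return silently. I would add above the `#ifndef` a comment such as `/* session id context applied to cached sessions; at most SSL_MAX_SID_CTX_LENGTH bytes */`, and have shared_context_set_cache() at least log when the call returns 0.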
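Review bot: The session id context set right after SSL_CTX_set_session_cache_mode() in src/shctx.c is the same constant for every SSL_CTX passed to shared_context_set_cache(), so it no longer separates cached sessions by the context that created them. If listeners with different client-certificate requirements share this cache (not visible in this hunk), a session established on one could be accepted for resumption on another without that listener's verification being run. It is worth confirming the callers, or deriving the context from per-listener settings. At minimum I would add a comment above the call such as `/* same sid_ctx for all contexts: a cached session is resumable on every SSL_CTX sharing this cache */`. The function body continues outside the hunk.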