From: Nenad Merdanovic <nmerdan@haproxy.com>
Date: Sun, 14 Apr 2019 14:06:46 +0000 (+0200)
Subject: BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation
X-Git-Tag: v2.0-dev3~277
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation

Whenever HAProxy was reloaded with rotated keys, the resumption would be
broken for previous encryption key. The bug was introduced with the addition
of 80 byte keys in 9e7547 (MINOR: ssl: add support of aes256 bits ticket keys
on file and cli.).

This fix needs to be backported to 1.9.
---

diff --git a/include/types/ssl_sock.h b/include/types/ssl_sock.h
index a2fff77f65..20b08a5c42 100644
--- a/include/types/ssl_sock.h
+++ b/include/types/ssl_sock.h
@@ -63,7 +63,7 @@ struct tls_sess_key_256 {
 
 union tls_sess_key{
 	unsigned char name[16];
-	struct tls_sess_key_256 key_128;
+	struct tls_sess_key_128 key_128;
 	struct tls_sess_key_256 key_256;
 } __attribute__((packed));