From: Emeric Brun
Date: Thu, 4 Oct 2012 15:09:56 +0000 (+0200)
Subject: BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes
X-Git-Tag: v1.5-dev13~190
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fa8973abb84d30888759c8f3690c86ec708873f;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes

On server's configuration change, if the previously used cipher is disabled, all subsequent connect attempts fail.

Fix consists in freeing cached session on handshake failure.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 88a5adb7d9..9f61198655 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -747,6 +747,12 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
 	return 1;
  out_error:
+	/* free resumed session if exists */
+	if (target_srv(&conn->target) && target_srv(&conn->target)->ssl_ctx.reused_sess) {
+		SSL_SESSION_free(target_srv(&conn->target)->ssl_ctx.reused_sess);
+		target_srv(&conn->target)->ssl_ctx.reused_sess = NULL;
+	}
+
 	/* Fail on all other handshake errors */
 	conn->flags |= CO_FL_ERROR;
 	conn->flags &= ~flag;
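Review bot: The new block under `out_error:` evaluates `target_srv(&conn->target)` four times; hoisting it into a local keeps the cleanup readable and makes the null check obviously cover the later dereferences: `struct server *srv = target_srv(&conn->target);` followed by `if (srv && srv->ssl_ctx.reused_sess) {` with the two inner lines using `srv` likewise. The comment `/* free resumed session if exists */` says what but not why; it would help the next maintainer to state the reason from the commit message, e.g. `/* Drop the cached session: it may have been negotiated under an earlier server config (e.g. a now-disabled cipher) and would make every resumption attempt fail. */`. Note this also discards the cache on transient handshake failures, which seems an acceptable cost but is worth saying in that comment. Since `reused_sess` is a per-server pointer shared by all connections to that server, the intent appears to rely on OpenSSL's session reference counting so that an in-flight handshake still holding the session is unaffected; confirm that assumption. The body of `ssl_sock_handshake` begins and ends outside this hunk.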