git.ipfire.org Git - thirdparty/bind9.git/commit

author	Artem Boldariev <artem@boldariev.com>
	Mon, 23 May 2022 10:41:06 +0000 (13:41 +0300)
committer	Artem Boldariev <artem@boldariev.com>
	Mon, 23 May 2022 15:25:18 +0000 (18:25 +0300)
commit	40be3c926309867ebaeb4b1dcd7e1199473dea4d
tree	560037fe9a89b4354fa6920dd60cb1b09da89b41	tree \| snapshot
parent	31f937cb054713e8df446fbae5130c253e278c6d	commit \| diff

Do not provide a shim for SSL_SESSION_is_resumable()

The recently added TLS client session cache used
SSL_SESSION_is_resumable() to avoid polluting the cache with
non-resumable sessions. However, it turned out that we cannot provide
a shim for this function across the whole range of OpenSSL versions
due to the fact that OpenSSL 1.1.0 does uses opaque pointers for
SSL_SESSION objects.

The commit replaces the shim for SSL_SESSION_is_resumable() with a non
public approximation of it on systems shipped with OpenSSL 1.1.0. It
is not turned into a proper shim because it does not fully emulate the
behaviour of SSL_SESSION_is_resumable(), but in our case it is good
enough, as it still helps to protect the cache from pollution.

For systems shipped with OpenSSL 1.0.X and derivatives (e.g. older
versions of LibreSSL), the provided replacement perfectly mimics the
function it is intended to replace.

lib/isc/openssl_shim.c		diff \| blob \| blame \| history
lib/isc/openssl_shim.h		diff \| blob \| blame \| history
lib/isc/tls.c		diff \| blob \| blame \| history