BUG/MEDIUM: ssl: Fix handshake failure on session resumption with client cert. Openssl session_id_context was not set on cached sessions so handshake returns an error.

commit: 786991e8b7a4f2da9843c5b11dcb0be7ba2c8a92 [log] [tgz]
author: Emeric Brun <ebrun@exceliance.fr> Mon Nov 26 18:37:12 2012 +0100
committer: Willy Tarreau <w@1wt.eu> Mon Nov 26 18:43:21 2012 +0100
tree: 06368a2489e677925ff3bc8c4b07a1d4590cd857
parent: 78bbeb4a994c6a567b567954d608a6a05f942721 [diff]
diff --git a/include/proto/shctx.h b/include/proto/shctx.h
index 6705664..379be35 100644
--- a/include/proto/shctx.h
+++ b/include/proto/shctx.h

@@ -29,6 +29,10 @@
 #define SHCTX_DEFAULT_SIZE 20000
 #endif
 
+#ifndef SHCTX_APPNAME
+#define SHCTX_APPNAME "haproxy"
+#endif
+
 #define SHSESS_MAX_ENCODED_LEN SSL_MAX_SSL_SESSION_ID_LENGTH \
 				+ SHSESS_MAX_DATA_LEN \
 				+ SHSESS_MAX_FOOTER_LEN

diff --git a/src/shctx.c b/src/shctx.c
index 0db443d..3375ead 100644
--- a/src/shctx.c
+++ b/src/shctx.c

@@ -447,6 +447,9 @@
 	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
 	                                    SSL_SESS_CACHE_NO_INTERNAL |
 	                                    SSL_SESS_CACHE_NO_AUTO_CLEAR);
+
+	SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
+
 	if (!shctx)
 		return;
commit	786991e8b7a4f2da9843c5b11dcb0be7ba2c8a92	[log] [tgz]
author	Emeric Brun <ebrun@exceliance.fr>	Mon Nov 26 18:37:12 2012 +0100
committer	Willy Tarreau <w@1wt.eu>	Mon Nov 26 18:43:21 2012 +0100
tree	06368a2489e677925ff3bc8c4b07a1d4590cd857
parent	78bbeb4a994c6a567b567954d608a6a05f942721 [diff]