Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 87cfd668786d5bb0bfbae36082b5c7fe15a9a3f0
commit87cfd668786d5bb0bfbae36082b5c7fe15a9a3f0[log] [tgz]
authorEmeric Brun <ebrun@haproxy.com>Fri Sep 06 15:36:02 2019 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Tue Sep 10 10:38:50 2019 +0200
tree3221fb9d5ad94fa239f7922c9e35df66e301ff8c
parent345ddf4a9bccf30d9eeff01027cb5934c00b68e9 [diff]
BUG/MAJOR: ssl: ssl_sock was not fully initialized.

'ssl_sock' wasn't fully initialized so a new session can inherit some
flags from an old one.

This causes some fetches, related to client's certificate presence or
its verify status and errors, returning erroneous values.

This issue could generate other unexpected behaviors because a new
session could also inherit other flags such as SSL_SOCK_ST_FL_16K_WBFSIZE,
SSL_SOCK_SEND_UNLIMITED, or SSL_SOCK_RECV_HEARTBEAT from an old session.

This must be backported to 2.0 but it's useless for previous.

(cherry picked from commit 5762a0db0a606cab09fbf912232ee927f99f4c2d)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed
tree: 3221fb9d5ad94fa239f7922c9e35df66e301ff8c
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION