BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes
When a server's configuration changes and the previously used
cipher is disabled, all subsequent connection attempts fail.
The fix frees the cached session on handshake failure.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 88a5adb..9f61198 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -747,6 +747,12 @@
return 1;
out_error:
+ /* free resumed session if exists */
+ if (target_srv(&conn->target) && target_srv(&conn->target)->ssl_ctx.reused_sess) {
+ SSL_SESSION_free(target_srv(&conn->target)->ssl_ctx.reused_sess);
+ target_srv(&conn->target)->ssl_ctx.reused_sess = NULL;
+ }
+
/* Fail on all other handshake errors */
conn->flags |= CO_FL_ERROR;
conn->flags &= ~flag;
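Review bot: The block added under `out_error:` calls `target_srv(&conn->target)` four times, and its comment says what is freed but not why. Holding the result in a local declared with the function's other locals (outside this hunk, since a declaration cannot directly follow a label), e.g. `struct server *srv = target_srv(&conn->target);`, would let the check read `if (srv && srv->ssl_ctx.reused_sess)`. As written, the free runs for every handshake failure that reaches this label, not only for a rejected resumption; that is the conservative choice, but it is worth stating. A suitable comment would be `/* drop the cached session: offering it again after the server's cipher set changed would make every retry fail */`. The enclosing function starts and ends outside the hunk, so whether other paths into `out_error` should keep the session cannot be judged from these lines.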