From: Benjamin Kaduk Date: Fri, 26 Jan 2018 17:16:21 +0000 (-0600) Subject: Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER X-Git-Tag: OpenSSL_1_1_1-pre4~91 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d316cdcf6d8d6934663278145fe0a8191e14a8c5;p=oweals%2Fopenssl.git Do not cache sessions with zero sid_ctx_length when SSL_VERIFY_PEER The sid_ctx is something of a "certificate request context" or a "session ID context" -- something from the application that gives extra indication of what sort of thing this session is/was for/from. Without a sid_ctx, we only know that there is a session that we issued, but it could have come from a number of things, especially with an external (shared) session cache. Accordingly, when resuming, we will hard-error the handshake when presented with a session with zero-length sid_ctx and SSL_VERIFY_PEER is set -- we simply have no information about the peer to verify, so the verification must fail. In order to prevent these future handshake failures, proactively decline to add the problematic sessions to the session cache. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5175) --- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 062f5cef3f..b66cd71d90 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3427,6 +3427,18 @@ void ssl_update_cache(SSL *s, int mode) if (s->session->session_id_length == 0) return; + /* + * If sid_ctx_length is 0 there is no specific application context + * associated with this session, so when we try to resume it and + * SSL_VERIFY_PEER is requested, we have no indication that this is + * actually a session for the proper application context, and the + * *handshake* will fail, not just the resumption attempt. + * Do not cache these sessions that are not resumable. + */ + if (s->session->sid_ctx_length == 0 + && (s->verify_mode & SSL_VERIFY_PEER) != 0) + return; + i = s->session_ctx->session_cache_mode; if ((i & mode) != 0 && (!s->hit || SSL_IS_TLS13(s))