
Fix TLS session resumption via IDs when Mutual TLS is used

This commit fixes TLS session resumption via session IDs when
client certificates are used. To do so it makes sure that session ID
contexts are set within server TLS contexts. See OpenSSL documentation
for 'SSL_CTX_set_session_id_context()', the "Warnings" section.
Artem Boldariev
2022-12-09 18:44:01 +02:00
parent 39e57ab133
commit 837fef78b1
3 changed files with 44 additions and 0 deletions


@@ -1728,3 +1728,16 @@ isc_tlsctx_client_session_cache_getctx(
REQUIRE(VALID_TLSCTX_CLIENT_SESSION_CACHE(cache));
return (cache->ctx);
}
void
isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
uint8_t session_id_ctx[SSL_MAX_SID_CTX_LENGTH] = { 0 };
const size_t len = ISC_MIN(20, sizeof(session_id_ctx));
REQUIRE(ctx != NULL);
RUNTIME_CHECK(RAND_bytes(session_id_ctx, len) == 1);
RUNTIME_CHECK(
SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
}
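Review bot: The new isc_tlsctx_set_random_session_id_context() has no comment at its definition explaining the one non-obvious design choice, a freshly random session ID context per TLS context rather than a fixed per-service value, even though the OpenSSL warning cited in the commit message makes this value the key that decides which stored sessions a server will resume. A per-context random value means a session can only ever be resumed against the very context that issued it, so a context created later by the same server (e.g. after a reconfiguration, if contexts are rebuilt then) will fall back to a full handshake; if that is intended, say so above the function, e.g. `/* Use a random per-context ID context: sessions issued by this context cannot be resumed by any other (including a later one from the same server), which only costs a full handshake. */`. The literal `20` in `const size_t len = ISC_MIN(20, sizeof(session_id_ctx));` is a magic number; give it a name or a comment stating why 20 bytes of the `SSL_MAX_SID_CTX_LENGTH` buffer are used. Both `RUNTIME_CHECK` calls turn a `RAND_bytes()` or `SSL_CTX_set_session_id_context()` failure into a fatal assertion, which is consistent with how the file treats OpenSSL failures elsewhere but means an RNG failure at the (not visible) call site aborts the process rather than failing that operation; worth a one-line comment acknowledging this is deliberate. The file path for this section is not shown on the page, and the callers live in the other changed files.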