mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-31 06:15:47 +00:00
Code Issues Releases Wiki Activity

stream-ssl: Set SSL session cache mode to disables.

Browse Source 
To enable SSL clients to reconnect with the ovs-testcontoller without being
rejected, one must either set the SSL Session ID flag or disable the
SSL caching. This patch disables the SSL caching/reuse.

In the absence of this fix, the error message from ovs-testcontroller is as
below:

  SSL protocol error: SSL_accept (error:140D9115:SSL
  routines:SSL_GET_PREV_SESSION:session id context uninitialized)

See <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>.

Validation: Tested with ovs-testcontroller, by performing SSL reconnection
with OpenSSL based SSL client.

Signed-off-by: Guru Chaitanya Perakam <gperakam@brocade.com>
Reported-by: Guru Chaitanya Perakam <gperakam@brocade.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
This commit is contained in:
Guru Chaitanya Perakam
2015-07-03 10:47:31 +05:30
committed by Ben Pfaff
parent bc500e3187
commit 895107e4fe
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/stream-ssl.c
View File

@@ -971,6 +971,7 @@ do_ssl_init(void)
SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
return 0;
}