author | Giovanni Bechis <gbechis@apache.org> | 2023-04-04 21:34:57 +0000 |
---|---|---|
committer | Giovanni Bechis <gbechis@apache.org> | 2023-04-04 21:34:57 +0000 |
commit | fae4895b8dbcedfde2933e86859e38d0c94324f0 (patch) | |
tree | a6ec8a6f52b7bfe06af78cf14539eba4fcbd4d35 /modules | |
parent | 132d4ee48f1c1ee786d13b61017e8e549a70d2de (diff) | |
add SSL_CTX_set_session_id_context(3) checks
bz #66226
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908971 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 96aaf6602d..a416ce3f0f 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -988,9 +988,17 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
 "protocol (%s support secure renegotiation)", reneg_support);
- SSL_set_session_id_context(ssl,
+ if(!SSL_set_session_id_context(ssl,
 (unsigned char *)&id,
- sizeof(id));
+ sizeof(id))) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10422)
+ "error setting SSL session context");
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
+
+ r->connection->keepalive = AP_CONN_CLOSE;
+ return HTTP_FORBIDDEN;
+ }
 /* Toggle the renegotiation state to allow the new * handshake to proceed. */
@@ -2576,7 +2584,9 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
 * a renegotiation. */ if (SSL_num_renegotiations(ssl) == 0) {
- SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2);
+ if(!SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2)) {
+ return 0;
+ }
 } /* |
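Review bot: The new condition in ssl_hook_Access_classic is spelled `if(!SSL_set_session_id_context(ssl,` with no space after `if`, and the `(unsigned char *)&id,` continuation is an unchanged context line, so it presumably no longer lines up under the first argument now that the call starts four columns further right. I would write `if (!SSL_set_session_id_context(ssl, (unsigned char *)&id,` followed by `sizeof(id))) {` with the arguments re-aligned; the same `if(!` spelling appears in the ssl_find_vhost hunk. A short comment above the check, for example `/* refuse the request if the session id context cannot be set */`, would make the fail-closed intent explicit. The enclosing function starts and ends outside the hunk.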
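Review bot: The failure path added in ssl_find_vhost returns 0 without logging anything, so a failed SSL_set_session_id_context() reaches the caller looking like whatever else 0 means here (presumably "this vhost did not match"; the rest of the function is outside the hunk). The session id context is what ties a cached TLS session to the virtual host it was created under, so a failure to set it should be visible to the operator and should end the handshake rather than let vhost selection continue. I would log it the way the first hunk does, e.g. `ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO() "error setting SSL session context");` followed by `ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);`, before the `return 0;`. It is also worth confirming that no per-connection state has already been switched to the new vhost earlier in the function by the time this return is taken.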