From: Emeric Brun
Date: Thu, 4 Oct 2012 15:09:56 +0000 (+0200)
Subject: BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes
X-Git-Tag: v1.5-dev13~190
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=9fa8973abb84d30888759c8f3690c86ec708873f;p=haproxy.git
BUG/MEDIUM: ssl: subsequent handshakes fail after server configuration changes
On server's configuration change, if the previously used cipher is disabled, all subsequent connect attempts fail. Fix consists in freeing cached session on handshake failure.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 88a5adb7d..9f6119865 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -747,6 +747,12 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
 return 1;
 out_error:
+ /* free resumed session if exists */
+ if (target_srv(&conn->target) && target_srv(&conn->target)->ssl_ctx.reused_sess) {
+ SSL_SESSION_free(target_srv(&conn->target)->ssl_ctx.reused_sess);
+ target_srv(&conn->target)->ssl_ctx.reused_sess = NULL;
+ }
+
 /* Fail on all other handshake errors */
 conn->flags |= CO_FL_ERROR;
 conn->flags &= ~flag;
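Review bot: The new comment at `out_error:` says what is done but not why, and the reason is the part a maintainer needs: a cached session that pins a cipher the server has since disabled makes every later resumption attempt fail. I would word it as `/* drop the cached session: it may pin a cipher the server no longer accepts, so retrying resumption would fail every later handshake */`. As written, the session is discarded on every path that reaches this label, not only on a failed resumption, so any transient handshake error also costs the next connection a full handshake; that looks deliberate, but the comment should say so. `target_srv(&conn->target)` is evaluated four times in these lines and could be read once into a local declared with the function's other variables, which are outside this hunk.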