diff options
| -rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index 37af6e4fdaf..b06f987b3fd 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -595,6 +595,10 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor) */ SSL_clear_num_renegotiations(port->ssl); + /* without this, renegotiation fails when a client cert is used */ + SSL_set_session_id_context(port->ssl, (void *) &SSL_context, + sizeof(SSL_context)); + if (SSL_renegotiate(port->ssl) <= 0) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), |