Branch: Tag:

2015-04-09

2015-04-09 11:20:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Context: Reduce aggressivity of purge_session() for <= TLS 1.2.

In TLS 1.2 and earlier it is possible to have multiple concurrent
connections using the same session. In particular there may be a
concurrent connection performing session resumption handshaking
at the same time as the session is being purged.

Fixes "Internal server error: Bad argument 1 to sizeof()." in
__builtin.Nettle.Hash() called via Connection.hash_messages(),
which was often triggered by Google Chrome.

927:    * establish new connections.    */    s->identity = 0; +  if (s->version > PROTOCOL_TLS_1_2) { +  // In TLS 1.2 and earlier the master_secret may be shared +  // between multiple concurrent connections (cf eg above), +  // so we can't scratch the master secret.    s->master_secret = 0; -  +  }    /* There's no need to remove the id from the active_sessions queue */   }