To enable SSL clients to reconnect with the ovs-testcontroller without being
rejected, one must either set the SSL Session ID flag or disable the
SSL caching. This patch disables the SSL caching/reuse.
In the absence of this fix, the error message from ovs-testcontroller is as
below:
SSL protocol error: SSL_accept (error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized)
See <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>.
Validation: Tested with ovs-testcontroller, by performing SSL reconnection
with an OpenSSL-based SSL client.
Signed-off-by: Guru Chaitanya Perakam <gperakam@brocade.com>
Reported-by: Guru Chaitanya Perakam <gperakam@brocade.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Giuseppe Lettieri g.lettieri@iet.unipi.it
Glen Gibb grg@stanford.edu
Guolin Yang gyang@nicira.com
+Guru Chaitanya Perakam gperakam@Brocade.com
Gurucharan Shetty gshetty@nicira.com
Henry Mai hmai@nicira.com
Hao Zheng hzheng@nicira.com
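Review bot: the e-mail address on the added AUTHORS line is written gperakam@Brocade.com, while the Signed-off-by and Reported-by tags in the commit message use gperakam@brocade.com. Use the lower-case form on this line so the address matches the tags and any tooling that compares the two.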
SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL);
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
return 0;
}
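Review bot: the added SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) call has no comment, so a later reader of this function cannot tell that the cache is off to avoid the "session id context uninitialized" rejection on reconnect rather than by oversight. Add a short comment above the call giving that reason. The commit message names setting the session ID context as the other option; since turning the cache off means reconnecting clients can no longer resume from the server-side session cache, say in the comment or the message why that option was not taken.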