From: Guru Chaitanya Perakam
Date: Fri, 3 Jul 2015 05:17:31 +0000 (+0530)
Subject: stream-ssl: Set SSL session cache mode to disables.
X-Git-Tag: v2.4.0~46
X-Git-Url: http://git.cascardo.eti.br/?p=cascardo%2Fovs.git;a=commitdiff_plain;h=8e5d71b45e1f81897a5a9ecda82b0235113e674a

stream-ssl: Set SSL session cache mode to disables.

To enable SSL clients to reconnect with the ovs-testcontroller without being rejected, one must either set the SSL Session ID flag or disable the SSL caching. This patch disables the SSL caching/reuse.

In the absence of this fix, the error message from ovs-testcontroller is as below:

SSL protocol error: SSL_accept (error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized)

See .

Validation: Tested with ovs-testcontroller, by performing SSL reconnection with OpenSSL based SSL client.

Signed-off-by: Guru Chaitanya Perakam
Reported-by: Guru Chaitanya Perakam
Signed-off-by: Ben Pfaff
---
diff --git a/AUTHORS b/AUTHORS index 018d396ad..79be45bb7 100644 --- a/AUTHORS +++ b/AUTHORS @@ -69,6 +69,7 @@ Gianluca Merlo gianluca.merlo@gmail.com Giuseppe Lettieri g.lettieri@iet.unipi.it Glen Gibb grg@stanford.edu Guolin Yang gyang@nicira.com +Guru Chaitanya Perakam gperakam@Brocade.com Gurucharan Shetty gshetty@nicira.com Henry Mai hmai@nicira.com Hao Zheng hzheng@nicira.com diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index 156dd2f59..8b063ba32 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -971,6 +971,7 @@ do_ssl_init(void) SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); return 0; }
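
Review bot: in the lib/stream-ssl.c hunk, the added SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) call in do_ssl_init() carries no comment, so the reason the cache is off lives only in the commit message. Add a short comment above the call saying that the context sets SSL_VERIFY_PEER without a session ID context, that resumption therefore fails with "session id context uninitialized", and that caching is disabled for that reason. The commit message names setting the session ID context as the alternative; it would help to record why disabling was chosen, since with the cache off every reconnect performs a full handshake.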
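
Review bot: in the AUTHORS hunk, the added address gperakam@Brocade.com has a capitalised domain while the surrounding entries (gmail.com, stanford.edu, nicira.com) are all lowercase; consider gperakam@brocade.com for consistency with the rest of the file.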