stream-ssl: Set SSL session cache mode to disabled.
To enable SSL clients to reconnect with the ovs-testcontroller without being
rejected, one must either set the SSL Session ID flag or disable the
SSL caching. This patch disables the SSL caching/reuse.

In the absence of this fix, the error message from ovs-testcontroller is as
below:

  SSL protocol error: SSL_accept (error:140D9115:SSL
  routines:SSL_GET_PREV_SESSION:session id context uninitialized)

See <https://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html>.

Validation: Tested with ovs-testcontroller, by performing SSL reconnection
with OpenSSL based SSL client.

Signed-off-by: Guru Chaitanya Perakam <[email protected]>
Reported-by: Guru Chaitanya Perakam <[email protected]>
Signed-off-by: Ben Pfaff <[email protected]>
Guru Chaitanya Perakam authored and blp committed Jul 6, 2015
1 parent bc500e3 commit 895107e
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions AUTHORS
Expand Up @@ -70,6 +70,7 @@ Gianluca Merlo [email protected]
Giuseppe Lettieri [email protected]
Glen Gibb [email protected]
Guolin Yang [email protected]
Guru Chaitanya Perakam [email protected]
Gurucharan Shetty [email protected]
Henry Mai [email protected]
Hao Zheng [email protected]
1 change: 1 addition & 0 deletions lib/stream-ssl.c
Expand Up @@ -971,6 +971,7 @@ do_ssl_init(void)
SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);

return 0;
}
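
Review bot: the added SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) call in do_ssl_init() has no comment, so a later reader cannot tell that it works around the "session id context uninitialized" failure on reconnect rather than being a tuning choice. Please add a short comment above the call that states the reason and names the alternative, SSL_CTX_set_session_id_context(). Because the setting is applied to ctx here in the init path, it turns off session caching for every connection made through that context, so each reconnect performs a full handshake; the comment should say that this cost is accepted. It is also worth confirming that ticket-based resumption cannot reach the same error, since SSL_SESS_CACHE_OFF governs the session cache while session tickets are controlled separately through SSL_OP_NO_TICKET.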