kike: set the OpenSSL's session ID context

Fixes handshake failure on session reuse attempts.
author: Přemysl Janouch <p.janouch@gmail.com> 2014-08-05 21:15:24 +0200
committer: Přemysl Janouch <p.janouch@gmail.com> 2014-08-05 21:15:24 +0200
commit: 9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a (patch)
tree: 8bbb60a27a63ec52f22c2912d3e17eb0ae04effc
parent: 08b93c3a71fcdfd845eeef10f5b25dd7353b7856 (diff)
download: xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.tar.gz
xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.tar.xz
xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/kike.c b/src/kike.c
index 01f7716..738e828 100644
--- a/src/kike.c
+++ b/src/kike.c
@@ -2269,6 +2269,11 @@ irc_initialize_ssl (struct server_context *ctx, struct error **e)
 		SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, irc_ssl_verify_callback);
 	// XXX: maybe we should call SSL_CTX_set_options() for some workarounds
 
+	const unsigned char session_id_context[SSL_MAX_SSL_SESSION_ID_LENGTH]
+		= PROGRAM_NAME;
+	(void) SSL_CTX_set_session_id_context (ctx->ssl_ctx,
+		session_id_context, sizeof session_id_context);
+
 	// XXX: perhaps we should read the files ourselves for better messages
 	if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
 	{
author	Přemysl Janouch <p.janouch@gmail.com>	2014-08-05 21:15:24 +0200
committer	Přemysl Janouch <p.janouch@gmail.com>	2014-08-05 21:15:24 +0200
commit	9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a (patch)
tree	8bbb60a27a63ec52f22c2912d3e17eb0ae04effc
parent	08b93c3a71fcdfd845eeef10f5b25dd7353b7856 (diff)
download	xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.tar.gz xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.tar.xz xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.zip