summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPřemysl Janouch <p.janouch@gmail.com>2014-08-05 21:15:24 +0200
committerPřemysl Janouch <p.janouch@gmail.com>2014-08-05 21:15:24 +0200
commit9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a (patch)
tree8bbb60a27a63ec52f22c2912d3e17eb0ae04effc
parent08b93c3a71fcdfd845eeef10f5b25dd7353b7856 (diff)
downloadxK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.tar.gz
xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.tar.xz
xK-9b2b3844e2e8f8ff1f22fc0fcb804615214f9a7a.zip
kike: set the OpenSSL's session ID context
Fixes handshake failure on session reuse attempts.
-rw-r--r--src/kike.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/kike.c b/src/kike.c
index 01f7716..738e828 100644
--- a/src/kike.c
+++ b/src/kike.c
@@ -2269,6 +2269,11 @@ irc_initialize_ssl (struct server_context *ctx, struct error **e)
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, irc_ssl_verify_callback);
// XXX: maybe we should call SSL_CTX_set_options() for some workarounds
+ const unsigned char session_id_context[SSL_MAX_SSL_SESSION_ID_LENGTH]
+ = PROGRAM_NAME;
+ (void) SSL_CTX_set_session_id_context (ctx->ssl_ctx,
+ session_id_context, sizeof session_id_context);
+
// XXX: perhaps we should read the files ourselves for better messages
if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
{