Commit 1c2b7c08 authored by Heikki Linnakangas

Restore the SSL_set_session_id_context() call to OpenSSL renegotiation.

This reverts the removal of the call in commit (272923a0). It turns out it
wasn't superfluous after all: without it, renegotiation fails if a client
certificate was used. The rest of the changes in that commit are still OK
and not reverted.

Per investigation of bug #12769 by Arne Scheffer, although this doesn't fix
the reported bug yet.
parent 9e3ad1aa
...@@ -595,6 +595,10 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor) ...@@ -595,6 +595,10 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
*/ */
SSL_clear_num_renegotiations(port->ssl); SSL_clear_num_renegotiations(port->ssl);
/* without this, renegotiation fails when a client cert is used */
SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
sizeof(SSL_context));
if (SSL_renegotiate(port->ssl) <= 0) if (SSL_renegotiate(port->ssl) <= 0)
ereport(COMMERROR, ereport(COMMERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),
......
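Review bot: the return value of the restored `SSL_set_session_id_context(port->ssl, ...)` call in be_tls_write() is discarded, although OpenSSL returns 0 from it on failure. The new comment says renegotiation fails without this context when a client certificate is used, so a failed call would only surface later as the generic `SSL_renegotiate(port->ssl) <= 0` error path, with nothing pointing at the real cause. Consider checking for a result other than 1 and reporting it through ereport(COMMERROR, ...) before calling SSL_renegotiate(). Two smaller points: the `(void *)` cast hides the fact that the function takes a `const unsigned char *`, and the comment would be more useful to the next reader if it said why the context is needed rather than only that removing it breaks things, since this call has already been removed once as apparently superfluous.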