changeset 847:6d85be38374c

ssl: Set session_id This allows session re-negoatiation to work in conjunction with the verification of client certificates. In particular, it allows Thunderbird 3.1 to connect to perdition using TLS. An alternate work-around is to disable all certificate verification using --ssl_no_client_cert_verify or disable client certificate verification using --ssl_no_cert_verify (introduced in 1.19-rc1). This relates to Mozilla Bug #575915 https://bugzilla.mozilla.org/show_bug.cgi?id=575915 Tested-by: John Feuerstein <john@feurix.com> Signed-off-by: Simon Horman <horms@verge.net.au>
author Simon Horman <horms@verge.net.au>
date Wed, 28 Jul 2010 10:28:43 +0900
parents 8fc81b820353
children 72fac8384b7c
files perdition/ssl.c
diffstat 1 files changed, 8 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/perdition/ssl.c	Mon Jul 26 15:29:04 2010 +0900
+++ b/perdition/ssl.c	Wed Jul 28 10:28:43 2010 +0900
@@ -528,6 +528,14 @@
 		return NULL;
 	}
 
+	/* Set context for session */
+	if (!SSL_CTX_set_session_id_context(ssl_ctx,
+					    (unsigned char *)PACKAGE,
+					    strlen(PACKAGE))) {
+		VANESSA_LOGGER_DEBUG("SSL_CTX_set_session_id_context");
+		goto err;
+	}
+
 	/*
 	 * Set the available ciphers
 	 */