Corrupted ssl session id

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

I use openssl library in a daemon, and there are a lot of crashes around ssl session management.
A crash happens when ssl sessions are flushed via SSL_CTX_flush_sessions(), because they could have bad session id.

Here, the life of one session: 

ptr_addr:      refcount: type[session_id] (function:line)
0x807807600:   1:SSL_SESSION [0x0] (SSL_SESSION_new:205)
0x807807600:   1:--> SSL_SESSION CHECK BEFORE [0x0] (ssl3_get_new_session_ticket:2236)
0x807807600:   1:--> SSL_SESSION CHECK AFTER [0xaa685c61] (ssl3_get_new_session_ticket:2244)
0x807807600:   2:SSL_SESSION [0xaa685c61] (SSL_CTX_add_session:673)
0x807807600:   3:SSL_SESSION [0xaa685c61] (ssl_update_cache:2456)
0x807807600:   2:SSL_SESSION_FREE [0xaa685c61] (SSL_free:559)
0x807807600:   3:SSL_SESSION [0xaa685c61] (SSL_set_session:855)
0x807807600:   3:--> SSL_SESSION CHECK BEFORE [0xaa685c61] (ssl3_client_hello:731)
0x807807600:   3:--> SSL_SESSION CHECK AFTER [0xaa685c61] (ssl3_client_hello:733)
0x807807600:   3:--> SSL_SESSION CHECK BEFORE [0xaa685c61] (ssl3_get_new_session_ticket:2236)
0x807807600:   3:--> SSL_SESSION CHECK AFTER [0xe47912b1] (ssl3_get_new_session_ticket:2244)
0x807807600:   2:SSL_SESSION_FREE [0xe47912b1] (SSL_free:559)
...

The server requests new session ticket (SSL3_ST_CR_SESSION_TICKET_[AB]),
but the session id is already initialized.

To fix it, I thought to free the old ssl session and to create a new one in ssl3_connect(), in case SSL3_ST_CR_SESSION_TICKET_[AB],
before ssl3_get_new_session_ticket() call, but I'm not sure it's a good fix.

Could you help me? Do you need more details about my issue?

Thanks,

Olivier


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux