SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED despite SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED despite SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)

Claus Assmann
I've got a bug report that my MTA fails from time to time during the
TLS handshake with the following error:

4476:error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized:ssl_sess.c:413

(OpenSSL 0.9.8m and 1.0.0.Beta5)

The MTA tries to turn off the session cache using
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF),
however, that does not seem to be sufficient.

I looked at the OpenSSL source code:
ssl_get_prev_session()
and according to my reading and some debug output that I added
it seems it is not obeying the SSL_SESS_CACHE_OFF setting.

after tls1_process_ticket() I get:
ssl_get_prev_session, tlsext, r=1, mode=0
then
        if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
is taken:
ssl_get_prev_session, mode=1, VRFY=1
and the invocation fails:
8288:error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context unini
tialized:ssl_sess.c:535  


Should SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)
be sufficient to turn off the session cache? It seems more is
necessary, e.g., SSL_CTX_set_session_id_context() at least?
If so, can that be documented please?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]