diff options
| author | emboss <emboss@ruby-lang.org> | 2012-06-10 01:53:20 +0000 |
|---|---|---|
| committer | emboss <emboss@ruby-lang.org> | 2012-06-10 01:53:20 +0000 |
| commit | e8ba6aa35e7e5980b85cab26404a6152fd29533e (patch) | |
| tree | ce30cbc0c921345a11810f7df83dda25188d9aca /lib | |
| parent | 2b62bd7a5b1479d3ffb2385e9afa742b5dfb863a (diff) | |
| download | ruby-openssl-history-e8ba6aa35e7e5980b85cab26404a6152fd29533e.tar.gz | |
* lib/openssl/ssl.rb: Use a simple random number to generate the
session id. MD5, as was used before, causes problems when
using a FIPS version of OpenSSL. Issue was found by Jared
Jennings, thank you!
[ruby-trunk - Bug #6137]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/openssl/ssl.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb index 70b27f4..268e8e9 100644 --- a/lib/openssl/ssl.rb +++ b/lib/openssl/ssl.rb @@ -146,7 +146,9 @@ module OpenSSL @svr = svr @ctx = ctx unless ctx.session_id_context - session_id = OpenSSL::Digest::MD5.hexdigest($0) + # see #6137 - session id may not exceed 32 bytes + prng = ::Random.new($0.hash) + session_id = prng.bytes(16).unpack('H*')[0] @ctx.session_id_context = session_id end @start_immediately = true |