author | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-06-22 13:39:56 +0000 |
---|---|---|
committer | nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-06-22 13:39:56 +0000 |
commit | dea3113ab324ee47fba127ba7745f5213d931536 (patch) | |
tree | e45ae56b73c2f9d588024c4f8f704912bace0620 /ext/openssl | |
parent | 8d836a15e46baacfb136b883e9efa5e08cc4727b (diff) | |
download | ruby-dea3113ab324ee47fba127ba7745f5213d931536.tar.gz |
* ext/openssl/ossl_ssl.c (ossl_sslctx_session_new_cb): Return 0 to
OpenSSL from the callback for SSL_CTX_sess_set_get_cb().
Returning 0 means to OpenSSL that the session is still valid
(since we created Ruby Session object) and was not freed by us with
SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
session_get_cb block if you don't want OpenSSL to cache the session
internally.
This potential issue was pointed by Ippei Obayashi. See #4416.
* test/openssl/test_ssl_session.rb (test_ctx_server_session_cb): Test
it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32204 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl_ssl.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index fd7b9f5e44..a9f31020eb 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -400,10 +400,16 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess)
 ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_session_new_cb, ary, &state);
 if (state) {
 rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state));
- return 0; /* what should be returned here??? */
 }
- return RTEST(ret_obj) ? 1 : 0;
+ /*
+ * return 0 which means to OpenSSL that the the session is still
+ * valid (since we created Ruby Session object) and was not freed by us
+ * with SSL_SESSION_free(). Call SSLContext#remove_session(sess) in
+ * session_get_cb block if you don't want OpenSSL to cache the session
+ * internally.
+ */
+ return 0;
 }
 static VALUE |
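Review bot: The new comment above `return 0;` sends readers to the `session_get_cb` block, but this function is `ossl_sslctx_session_new_cb`, so the reference looks like it should name the new-session callback; the comment also repeats "the the". With the return now unconditional, `ret_obj` is still assigned from `rb_protect()` but never read, so the Ruby block's return value is silently ignored; I would call `rb_protect((VALUE(*)_((VALUE)))ossl_call_session_new_cb, ary, &state);` without storing the result and add a line such as `* The block's return value is ignored.` to the comment. Because this return value tells OpenSSL whether the callback kept its reference to the `SSL_SESSION`, the comment should also state the reference-count assumption it relies on, since a mismatch here would be a leak or a premature free. Presumably the Ruby Session wrapper takes its own reference earlier in the function, but that code lies outside this hunk and should be confirmed.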