SSL session reuse crash (BR73916)

George Staikos staikos at kde.org
Tue Feb 3 10:54:42 GMT 2004


On Sunday 01 February 2004 10:07, Waldo Bastian wrote:
> I have applied the attached patch to prevent a SSL session id reuse crash.
> Someone who actually knows how SSL session id reuse is supposed to work may
> want to have a look at this to see if this is the correct solution or
> whether things go wrong earlier already.
>
> See http://bugs.kde.org/show_bug.cgi?id=73916 for details.

  There are other possible crashes too.  I just haven't had time to fix them 
all yet.  Changing from SSLv3 to v2 or vice versa and reusing the session 
crashes inside openssl.  I'm not even sure it's up to us to fix this anyway.  
Your patch looks reasonable, but I want to double check to make sure that the 
cache doesn't remain inconsistent in this case.

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/




More information about the kfm-devel mailing list