SSL session reuse crash (BR73916)
George Staikos
staikos at kde.org
Tue Feb 3 10:54:42 GMT 2004
On Sunday 01 February 2004 10:07, Waldo Bastian wrote:
> I have applied the attached patch to prevent a SSL session id reuse crash.
> Someone who actually knows how SSL session id reuse is supposed to work may
> want to have a look at this to see if this is the correct solution or
> whether things go wrong earlier already.
>
> See http://bugs.kde.org/show_bug.cgi?id=73916 for details.
There are other possible crashes too. I just haven't had time to fix them
all yet. Changing from SSLv3 to v2 or vice versa and reusing the session
crashes inside openssl. I'm not even sure it's up to us to fix this anyway.
Your patch looks reasonable, but I want to double check to make sure that the
cache doesn't remain inconsistent in this case.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kfm-devel
mailing list