Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 76053
Status: resolved
Priority: 0/
Queue: IO-Socket-SSL
People
Owner: Nobody in particular
Requestors: UNDEF [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)
Attachments
ssl-context-id.path

History Show all quoted text
  Mon Mar 26 09:54:11 2012 UNDEF [...] cpan.org - Ticket created
Subject: 140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized
Good day. I am receiving next error on second connection of Firefox to a http server based on IO::Socket::SSL with enabled client authorization: SSL accept attempt failed with unknown error error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized SSL context is reused between connections, but session cache is disabled. I've found similar report on nginx forum http://forum.nginx.org/read.php?2,52263 Could you please suggest how to fix it?
  Tue Mar 27 10:34:49 2012 Steffen_Ullrich [...] genua.de - Correspondence added
thanks for reporting the problem. While it is probably possible to hack around it using SSL_create_ctx_callback and Net::SSLeay::CTX_set_session_id_context it wouldn't be nice. So starting with 1.61 it should just work w/o fiddling. Regards, Steffen
  Tue Mar 27 10:34:50 2012 The RT System itself - Status changed from 'new' to 'open'
  Tue Mar 27 10:34:50 2012 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'resolved'
  Tue Mar 27 18:24:19 2012 UNDEF [...] cpan.org - Correspondence added
Thanks for quick fixup. Works like a charm! But I found a small problem: context id is not generated if ssl server uses optional client verification. Patch with fixup attached.
Subject: ssl-context-id.path
Download ssl-context-id.path
application/octet-stream 460b

Message body not shown because it is not plain text.

  Tue Mar 27 18:24:20 2012 The RT System itself - Status changed from 'resolved' to 'open'
  Tue Mar 27 20:15:05 2012 chip [...] pobox.com - Correspondence added
From: chip [...] pobox.com
1.61 fails self-test. It claims accept failure in dhs.t, but actually strace shows that accept did not fail. Let me know if I can contribute, or if this thread's patch already fixes this.
  Wed Mar 28 01:57:23 2012 Steffen_Ullrich [...] genua.de - Correspondence added
Am Di 27. Mär 2012, 20:15:05, CHIPS schrieb: Show quoted text
> 1.61 fails self-test. It claims accept failure in dhs.t, but actually > strace shows that accept did not fail. Let me know if I can contribute, > or if this thread's patch already fixes this.
Hi, this is a different issue, which was also in 1.60. It looks like that the fixes on this test for OpenSSL1.01 made the test fail for at least one setup. Please open a new bug for this issue and add details about the version of Net::SSLeay and OpenSSL you are using: perl -MIO::Socket::SSL -e 'printf "%f, %x\n", $Net::SSLeay::VERSION, Net::SSLeay::OPENSSL_VERSION_NUMBER()'
  Wed Mar 28 01:57:57 2012 Steffen_Ullrich [...] genua.de - Correspondence added
Am Di 27. Mär 2012, 18:24:19, UNDEF schrieb: Show quoted text
> Thanks for quick fixup. Works like a charm! > > But I found a small problem: context id is not generated if ssl server > uses optional client verification. > > Patch with fixup attached.
Thanks, fixed for 1.62
  Wed Mar 28 01:57:58 2012 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'resolved'