| From: | Shay Rojansky <roji(at)roji(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL not setting OpenSSL session id context? |
| Date: | 2017-08-03 05:49:57 |
| Message-ID: | CADT4RqALmtuZ2FfY06NnUDzi9RmUbuogDyd99oGH2GVzTtj-nw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
One more note: https://github.com/netty/netty/pull/5321/files is an
equivalent PR setting the session ID context to a constant value in netty
(which is also a server using OpenSSL). This is in line with the
documentation on SSL_CTX_set_session_id_context (
https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_session_id_context(3)
):
> Sessions are generated within a certain context. When exporting/importing
sessions with *i2d_SSL_SESSION*/*d2i_SSL_SESSION* it would be possible, to
re-import a session generated from another context (e.g. another
application), which might lead to malfunctions. Therefore each application
must set its own session id context *sid_ctx* which is used to distinguish
the contexts and is stored in exported sessions. The *sid_ctx* can be any
kind of binary data with a given length, it is therefore possible to use
e.g. the name of the application and/or the hostname and/or service name ...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashutosh Bapat | 2017-08-03 05:52:55 | Re: Macros bundling RELKIND_* conditions |
| Previous Message | Shay Rojansky | 2017-08-03 05:45:16 | Re: PostgreSQL not setting OpenSSL session id context? |