On 2018-05-02 18:34:35 [+0200], Kurt Roeckx wrote: > On Wed, May 02, 2018 at 05:19:20PM +0100, Simon McVittie wrote: > > * https://github.com/openssl/openssl/pull/5967 > > > > """ > > Commit d316cdc introduced some extra > > checks into the session-cache update procedure, intended to prevent > > the caching of sessions whose resumption would lead to a handshake > > failure, since if the server is authenticating the client, there needs to > > be an application-set "session id context" to match up to the > > authentication > > context. While that change is effective for its stated purpose, there > > was also some collatoral damage introduced along with the fix -- clients > > that set SSL_VERIFY_PEER are not expected to set an sid_ctx, and so > > their usage of session caching was erroneously denied. > > > > Fix the scope of the original commit by limiting it to only acting > > when the SSL is a server SSL. > > """ > > Is it urgunt to fix this in testing/unstable?
If he is sure that this fixes his issue then I don't mind doing an upload. I can even prepare a 1.1.0h-2 with this patch included. [unless upstream plans a release soon] > Kurt Sebastian
