On Thu, Mar 01, 2001 at 07:23:04PM +0100, Richard Levitte - VMS Whacker wrote:
> The printout will be:
>
> 28:error:140750DD:SSL routines:SSL23_CONNECT:ssl23 doing session id reuse:s23_clnt.c:132:
>
> ... or something very similar.
>
> The reason for all this is actually that ssl23_get_method() (which is
> called downstream from SSL_set_session()) in s23_meth.c will return
> the result of SSLv23_method() when presented with SSL2_VERSION as
> input argument, while it will give the results from SSLv3_method() and
> TLSv1_method() for SSL3_VERSION and TLS1_VERSION respectively. What
> happens next is that ssl23_connect() is called with an SSL in the
> state SSL_ST_CONNECT|SSL_ST_BEFORE. The first thing that is checked
> is if there's a session connected to the SSL, and if there is, the
> error given above is signaled.
>
> Unless someone tells me the behavior of ssl23_get_method() is correct
> vis-à-vis SSLv2, I'll change it to return the result of SSLv2_method().

I have read through the locations you name and come to the same conclusion
you already posted. SSLv23_method() is a generic method that is called if
it is not yet clear which protocol to use. (So it is consistent that if
you already know which protocol to use, you don't call the generic one,
and the error flagged is correct.)

The (needed) fix should have one side effect (from conclusion, I did not
try it): Since the SSL_connect() is now performed with SSLv2 only, in
case the session cannot be reused, the new session will also be of type
SSLv2, even if both the server and the client could do better.

+1 to change this in both current and stable.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
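
The behaviour discussed in this thread, as a small model added here for illustration; it is not OpenSSL source and not code from either poster. The enum and the functions get_method_before(), get_method_after() and model_connect() are hypothetical stand-ins, and the generic method is assumed to negotiate the peer's best version.

```c
#include <stdio.h>

/* Protocol version constants as defined by OpenSSL. */
#define SSL2_VERSION 0x0002
#define SSL3_VERSION 0x0300
#define TLS1_VERSION 0x0301

/* Hypothetical stand-ins for the method objects named in the thread. */
enum method { M_NONE, M_SSLV23, M_SSLV2, M_SSLV3, M_TLSV1 };

/* Lookup as described in the quoted mail: SSL2_VERSION gives the generic method. */
enum method get_method_before(int ver) {
    switch (ver) {
    case SSL2_VERSION: return M_SSLV23;
    case SSL3_VERSION: return M_SSLV3;
    case TLS1_VERSION: return M_TLSV1;
    default:           return M_NONE;
    }
}

/* Lookup after the proposed change: SSL2_VERSION gives the SSLv2 method. */
enum method get_method_after(int ver) {
    return ver == SSL2_VERSION ? M_SSLV2 : get_method_before(ver);
}

/* Model of the connect step. Returns the version negotiated, or -1 on error.
 * The generic method refuses to start with a session attached; a
 * fixed-version method can only produce its own version, so a failed
 * reuse under M_SSLV2 still ends in an SSLv2 session. */
int model_connect(enum method m, int has_session, int peer_max) {
    switch (m) {
    case M_SSLV23: return has_session ? -1 : peer_max; /* assumed: best common */
    case M_SSLV2:  return SSL2_VERSION;
    case M_SSLV3:  return SSL3_VERSION <= peer_max ? SSL3_VERSION : -1;
    case M_TLSV1:  return TLS1_VERSION <= peer_max ? TLS1_VERSION : -1;
    default:       return -1;
    }
}

int main(void) {
    int saved = SSL2_VERSION, peer = TLS1_VERSION; /* constructed scenario */
    printf("before, session attached: %d\n", model_connect(get_method_before(saved), 1, peer));
    printf("after, session attached: 0x%04x\n", model_connect(get_method_after(saved), 1, peer));
    printf("generic, no session: 0x%04x\n", model_connect(M_SSLV23, 0, peer));
    return 0;
}
```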