SSL_GET_PREV_SESSION:session id context uninitialized
I'm using a TLS connection to secure WebSocket connections. It works for the first connection, but after a page reload I get this error: [PHPD] PHPDaemon\Servers\WebSocket\Connection: EventBufferEvent SSL error: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized
I found this post: https://john.nachtimwald.com/2014/10/05/server-side-session-cache-in-openssl/
and used it as:
--- classes/ssl_context.c 2014-11-20 11:10:49.000000000 +0200
+++ classes/ssl_context.c-fixed 2015-09-12 08:25:10.306886934 +0300
@@ -396,6 +396,7 @@
/* Private }}} */
+static int ssl_session_ctx_id = 1;
/* {{{ proto EventSslContext EventSslContext::__construct(int method, array options);
*
* Creates SSL context holding pointer to SSL_CTX.
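Review bot: the added static int ssl_session_ctx_id = 1; gives the session ID context a fixed value of 1, which does not tell this application's cached sessions apart from those of any other program that picks the same trivial value. Suggest a static const unsigned char array holding an application-specific string, which matches the type SSL_CTX_set_session_id_context expects and removes the need for the cast in the next hunk. The declaration also sits between two fold markers with no comment saying what it is for; a one-line comment would help.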
@@ -444,6 +445,7 @@
SSL_CTX_set_options(ectx->ctx, options);
set_ssl_ctx_options(ectx->ctx, ectx->ht TSRMLS_CC);
+ SSL_CTX_set_session_id_context(ctx, (void *)&ssl_session_ctx_id, sizeof(ssl_session_ctx_id));
}
/* }}} */
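Review bot: the added call passes ctx, while the two context lines directly above it operate on ectx->ctx, and nothing visible in this hunk shows a local ctx in scope; pass ectx->ctx here to match. The return value is also ignored: SSL_CTX_set_session_id_context returns 0 on failure, and the constructor should report that rather than continue with a context that will hit the same error on session reuse. The (void *) cast can go if the identifier is declared as unsigned char.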
That solved my problem, but I'm not sure it is the right way to handle SSL sessions.
Comments (6)
-
Hm, it's fixing SSL contexts, but the old SSL cache is broken. After cleaning all browsers I've got it working and new clients got no errors. I think we should use another context data to be sure sessions are not generated by another application with SSL.
-
repo owner - changed status to resolved
Fixed
#20: SSL_GET_PREV_SESSION:session id context uninitialized→ <<cset 19f46fbcb35b>>
-
repo owner I've just updated master. Please try to build from source. If it's okay, I'll upload the package to the PECL repo. The session ID should be set per-application, so I used the pointer value.
-
Error message gone, but Chromium-based browsers (including Opera and Chrome) are unable to handshake: "WebSocket opening handshake was canceled". Firefox works (and works without this patch). Tested with SSL3, TLSv1.1 and TLSv1.2. I think there must be some kind of check (without the patch only the first request was a success). If a session exists, then load its context.
Upd: Tested again: if I do the first request, then reload the app with this patch, the next request works fine.
-
repo owner It would be great if you could attach a simple test script.
-
Nope, problem not solved. With this patch the first user connects without problems and reconnects on page reload, but other users are unable to connect.