SSL_GET_PREV_SESSION:session id context uninitialized

Issue #20 resolved
Anonymous created an issue

I'm using a TLS connection to secure WebSocket connections. It works for the first connection, but after a page reload I got this error: [PHPD] PHPDaemon\Servers\WebSocket\Connection: EventBufferEvent SSL error: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized

Found this post: https://john.nachtimwald.com/2014/10/05/server-side-session-cache-in-openssl/

And used it as:

--- classes/ssl_context.c   2014-11-20 11:10:49.000000000 +0200
+++ classes/ssl_context.c-fixed 2015-09-12 08:25:10.306886934 +0300
@@ -396,6 +396,7 @@
 /* Private }}} */


+static int ssl_session_ctx_id = 1;
 /* {{{ proto EventSslContext EventSslContext::__construct(int method, array options);
  *
  * Creates SSL context holding pointer to SSL_CTX.
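
Review bot: the `static int ssl_session_ctx_id = 1;` added just above the constructor's doc comment is a fixed constant, so every context that is handed its address and size receives identical session ID context bytes, whichever application created it. Consider deriving the value from something application-specific or accepting it through the constructor's options array. The variable could also be declared `const`, since nothing in the visible lines modifies it, and it needs a comment saying what it is for, as it sits outside the "Private" fold it follows.
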
@@ -444,6 +445,7 @@

    SSL_CTX_set_options(ectx->ctx, options);
    set_ssl_ctx_options(ectx->ctx, ectx->ht TSRMLS_CC);
+    SSL_CTX_set_session_id_context(ctx, (void *)&ssl_session_ctx_id, sizeof(ssl_session_ctx_id));
 }
 /* }}} */
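
Review bot: the added `SSL_CTX_set_session_id_context(ctx, ...)` call passes `ctx`, while the two calls directly above it operate on `ectx->ctx`. Unless `ctx` is a local alias for the same SSL_CTX at this point, the call targets the wrong object or does not compile, so use `ectx->ctx` to match the neighbouring lines. The return value is also ignored, although the function returns 0 on failure, and the `(void *)` cast hides that the parameter type is `const unsigned char *`.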

That solved my problem, but I'm not sure whether it is the right way to handle SSL sessions.

Comments (6)

  1. Mastir

    Nope, the problem is not solved. With this patch the first user connects without problems and reconnects on page reload, but other users are unable to connect.

  2. Mastir

    Hm, it's fixing SSL contexts, but the old SSL cache is broken. After cleaning all browsers I've got it working and new clients got no errors. I think we should use another context data to be sure sessions are not generated by another application with SSL.

  3. Ruslan Osmanov repo owner

    I've just updated master. Please try to build from source. If it's okay, I'll upload the package to PECL repo.

    The session ID should be set per-application, so I used the pointer value.

  4. Mastir

    The error message is gone, but Chromium-based browsers (including Opera and Chrome) are unable to handshake: "WebSocket opening handshake was canceled". Firefox works (and works without this patch). Tested with SSL3, TLSv1.1 and TLSv1.2. I think there must be some kind of check (without the patch only the first request was a success): if the session exists, then load its context.

    Upd: Tested again: if I do the first request, then reload the app with this patch, the next request works fine.
