Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:13.2
cyrus-imapd
cyrus-imapd-2.4.17_tls-session-leak.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File cyrus-imapd-2.4.17_tls-session-leak.patch of Package cyrus-imapd
From 2e106f14d21d19241830a881f888732d7d417ca9 Mon Sep 17 00:00:00 2001 From: Ken Murchison <murch@andrew.cmu.edu> Date: Mon, 27 Jan 2014 23:24:34 +0000 Subject: tls.c: don't setup external session cache until all other config/init is done on server context --- diff --git a/imap/tls.c b/imap/tls.c index 15ee656..6db4a2f 100644 --- a/imap/tls.c +++ b/imap/tls.c @@ -669,53 +669,6 @@ int tls_init_serverengine(const char *ident, SSL_CTX_set_options(s_ctx, off); SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback); - /* Don't use an internal session cache */ - SSL_CTX_sess_set_cache_size(s_ctx, 1); /* 0 is unlimited, so use 1 */ - SSL_CTX_set_session_cache_mode(s_ctx, SSL_SESS_CACHE_SERVER | - SSL_SESS_CACHE_NO_AUTO_CLEAR | - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP); - - /* Get the session timeout from the config file (in minutes) */ - timeout = config_getint(IMAPOPT_TLS_SESSION_TIMEOUT); - if (timeout < 0) timeout = 0; - if (timeout > 1440) timeout = 1440; /* 24 hours max */ - - /* A timeout of zero disables session caching */ - if (timeout) { - const char *fname = NULL; - char *tofree = NULL; - int r; - - /* Set the context for session reuse -- use the service ident */ - SSL_CTX_set_session_id_context(s_ctx, (void*) ident, strlen(ident)); - - /* Set the timeout for the internal/external cache (in seconds) */ - SSL_CTX_set_timeout(s_ctx, timeout*60); - - /* Set the callback functions for the external session cache */ - SSL_CTX_sess_set_new_cb(s_ctx, new_session_cb); - SSL_CTX_sess_set_remove_cb(s_ctx, remove_session_cb); - SSL_CTX_sess_set_get_cb(s_ctx, get_session_cb); - - fname = config_getstring(IMAPOPT_TLSCACHE_DB_PATH); - - /* create the name of the db file */ - if (!fname) { - tofree = strconcat(config_dir, FNAME_TLSSESSIONS, (char *)NULL); - fname = tofree; - } - - r = (DB->open)(fname, CYRUSDB_CREATE, &sessdb); - if (r != 0) { - syslog(LOG_ERR, "DBERROR: opening %s: %s", - fname, cyrusdb_strerror(ret)); - } - else - sess_dbopen = 1; - - free(tofree); - } - cipher_list = config_getstring(IMAPOPT_TLS_CIPHER_LIST); if (!SSL_CTX_set_cipher_list(s_ctx, cipher_list)) { syslog(LOG_ERR,"TLS server engine: cannot load cipher list '%s'", @@ -767,6 +720,53 @@ int tls_init_serverengine(const char *ident, } } + /* Don't use an internal session cache */ + SSL_CTX_sess_set_cache_size(s_ctx, 1); /* 0 is unlimited, so use 1 */ + SSL_CTX_set_session_cache_mode(s_ctx, SSL_SESS_CACHE_SERVER | + SSL_SESS_CACHE_NO_AUTO_CLEAR | + SSL_SESS_CACHE_NO_INTERNAL_LOOKUP); + + /* Get the session timeout from the config file (in minutes) */ + timeout = config_getint(IMAPOPT_TLS_SESSION_TIMEOUT); + if (timeout < 0) timeout = 0; + if (timeout > 1440) timeout = 1440; /* 24 hours max */ + + /* A timeout of zero disables session caching */ + if (timeout) { + const char *fname = NULL; + char *tofree = NULL; + int r; + + /* Set the context for session reuse -- use the service ident */ + SSL_CTX_set_session_id_context(s_ctx, (void*) ident, strlen(ident)); + + /* Set the timeout for the internal/external cache (in seconds) */ + SSL_CTX_set_timeout(s_ctx, timeout*60); + + /* Set the callback functions for the external session cache */ + SSL_CTX_sess_set_new_cb(s_ctx, new_session_cb); + SSL_CTX_sess_set_remove_cb(s_ctx, remove_session_cb); + SSL_CTX_sess_set_get_cb(s_ctx, get_session_cb); + + fname = config_getstring(IMAPOPT_TLSCACHE_DB_PATH); + + /* create the name of the db file */ + if (!fname) { + tofree = strconcat(config_dir, FNAME_TLSSESSIONS, (char *)NULL); + fname = tofree; + } + + r = (DB->open)(fname, CYRUSDB_CREATE, &sessdb); + if (r != 0) { + syslog(LOG_ERR, "DBERROR: opening %s: %s", + fname, cyrusdb_strerror(ret)); + } + else + sess_dbopen = 1; + + free(tofree); + } + tls_serverengine = 1; return (0); } -- cgit v0.9.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor