File cve-2013-4508-regression-bug729480.patch of Package lighttpd.openSUSE_13.1_Update
origin: http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2925/diff/
Index: lighttpd-1.4.31/src/network.c
===================================================================
--- lighttpd-1.4.31.orig/src/network.c 2013-11-14 10:44:56.000000000 +0100
+++ lighttpd-1.4.31/src/network.c 2013-11-14 10:52:56.211535856 +0100
@@ -743,6 +743,14 @@
return -1;
}
+ /* completely useless identifier; required for client cert verification to work with sessions */
+ if (0 == SSL_CTX_set_session_id_context(s->ssl_ctx, (const unsigned char*) CONST_STR_LEN("lighttpd"))) {
+ log_error_write(srv, __FILE__, __LINE__, "ss:s", "SSL:",
+ "failed to set session context",
+ ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+
SSL_CTX_set_options(s->ssl_ctx, ssloptions);
SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
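Review bot: The comment above the added `SSL_CTX_set_session_id_context()` call describes the identifier as "completely useless", which hides why the call matters: OpenSSL ties cached sessions to this context, and on a server that verifies client certificates it fails the handshake on a resumption attempt when no context has been set. I would reword it to `/* session id context: OpenSSL needs one to resume sessions when client cert verification is enabled; the same constant is used for every ssl_ctx */`. Because the value is the fixed string "lighttpd" for every context, it does not separate sockets that have different client-certificate settings. That looks harmless as long as each SSL_CTX keeps its own session cache and ticket keys, but the hunk does not show this, so it is worth confirming. The enclosing function begins and ends outside the hunk.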