author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2015-02-16 22:34:32 +0200 |
---|---|---|
committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2015-02-16 22:34:32 +0200 |
commit | 1c2b7c0879d83ff79e4adf2c0a883df92b713da4 (patch) | |
tree | 92535ba1e5a67f9f3dee72229a7a53f8ad66dc0e /src | |
parent | 9e3ad1aac52454569393a947c06be0d301749362 (diff) | |

Restore the SSL_set_session_id_context() call to OpenSSL renegotiation.

This reverts the removal of the call in commit (272923a0). It turns out it
wasn't superfluous after all: without it, renegotiation fails if a client
certificate was used. The rest of the changes in that commit are still OK
and not reverted.

Per investigation of bug #12769 by Arne Scheffer, although this doesn't fix
the reported bug yet.

Diffstat (limited to 'src')
-rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index 37af6e4fdaf..b06f987b3fd 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -595,6 +595,10 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor) */ SSL_clear_num_renegotiations(port->ssl); + /* without this, renegotiation fails when a client cert is used */ + SSL_set_session_id_context(port->ssl, (void *) &SSL_context, + sizeof(SSL_context)); + if (SSL_renegotiate(port->ssl) <= 0) ereport(COMMERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), |
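
Review bot: The return value of the restored SSL_set_session_id_context() call in be_tls_write() is discarded, while the SSL_renegotiate() call immediately after it is checked with `<= 0` and reported through ereport(COMMERROR, ...). SSL_set_session_id_context() returns 0 on failure, so if it ever fails the code would carry on into the renegotiation and hit the very client-certificate failure the new comment describes, with nothing in the log pointing at the cause. Consider testing the result and reporting it the same way as the SSL_renegotiate() failure. The comment could also say that the context passed is the raw bytes of the SSL_context variable itself (`&SSL_context`, `sizeof(SSL_context)`), so a later reader does not mistake the call for redundant again, which is how it came to be removed in the first place.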