Article delegate-en/3714 of [1-5169] on the server localhost:119
[Reference:<_A3713@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Questions about SSLway
19 Apr 2007 00:21:13 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Chris,

In message <_A3713@delegate-en.ML_> on 04/18/07(22:51:35) I wrote:
 |On 04/18/07(17:40) you "Kwis Angelo" <phyhabdyi-znqnbun5oylr.ml@ml.delegate.org> wrote
 |in <_A3711@delegate-en.ML_>
 | |I have the logs below after disabling session cache and allowing the
 | |negotiation phase logging.  I tried several times.  The first one
 | |(highlighted in blue) was able to establish a session.  Not long after, I
 | |did 3 consecutive tests (highlighted in red) and all encountered the
 | |same error.
 | |
 | |After 3 consecutive errors, all subsequent tests finally worked without even
 | |restarting Delegate...what do you think is the problem?
 | |
 | |The process was now started with the following command:
 | |
 | |../delegated -v -P$DELEDATE_LISTNER_PORT SERVER=http FSV="sslway -ssl2 -Vrfy
 | |-CAfile pems/TrivnetCA.crt -cert pems/ggs-delegate.crt -key pems/ggs-
 | |delegate.key -pass pass:1234 " MOUNT="/* $HTTPS_HOST_URL/*" TLSCONF="-vd,
 | |scache:no" RES_WAIT=0 DGROOT=/opt/gemalto/delegate951  >
 | | /opt/gemalto/delegate951/log/delegate.txt 2>&1 &

I could reproduce the problem with SSLway with "-ssl2" option
and confirmed it can be escaped with TLSCONF="scache:no" option.
I'll fix it with the enclosed patch, which will be applied to the next
versions (9.5.7 and 9.6.0-pre14).
Thank you.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** ../delegate9.5.6/filters/sslway.c	Sun Mar 18 23:30:10 2007
--- filters/sslway.c	Thu Apr 19 09:13:25 2007
***************
*** 1277,1282 ****
--- 1277,1286 ----
  		ERROR("## no session to be saved");
  		goto CEXIT;
  	}
+ 	if( shp->ssl_version == 2 ){
+ 		DEBUG("## don't cache the session of SSL2");
+ 		goto CEXIT;
+ 	}
  
  	len = i2d_SSL_SESSION(sess,NULL);
  	if( len == 0 ){
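
Review bot: the added `shp->ssl_version == 2` test before i2d_SSL_SESSION() has no comment saying why an SSL2 session must not be cached, and the guard appears only on this save path. Please add a short comment that ties it to the failure reported in this thread (errors with "-ssl2" unless TLSCONF="scache:no" is set), and check whether the code that restores a cached session needs the same version test, so that SSL2 entries written to an existing cache by 9.5.6 are not reused after the upgrade. The literal 2 would also read better as a named constant, and since the skip is reported only through DEBUG, the documentation for "-ssl2" should state that session caching is disabled for it.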
