[CalendarServer-changes] [14133] twext/trunk/twext/internet/ssl.py
source_changes at macosforge.org
source_changes at macosforge.org
Tue Nov 4 14:00:04 PST 2014
Revision: 14133
http://trac.calendarserver.org//changeset/14133
Author: cdaboo at apple.com
Date: 2014-11-04 14:00:04 -0800 (Tue, 04 Nov 2014)
Log Message:
-----------
Client cert redirect request fix.
Modified Paths:
--------------
twext/trunk/twext/internet/ssl.py
Modified: twext/trunk/twext/internet/ssl.py
===================================================================
--- twext/trunk/twext/internet/ssl.py 2014-11-03 21:19:46 UTC (rev 14132)
+++ twext/trunk/twext/internet/ssl.py 2014-11-04 22:00:04 UTC (rev 14133)
@@ -29,7 +29,9 @@
from twisted.internet.ssl import DefaultOpenSSLContextFactory
from twisted.internet._sslverify import Certificate
+import uuid
+
class ChainingOpenSSLContextFactory (DefaultOpenSSLContextFactory):
def __init__(
self, privateKeyFileName, certificateFileName,
@@ -96,6 +98,11 @@
if self.sendCAsToClient:
ctx.add_client_ca(cert.original)
+ # When a client certificate is used we also need to set a session context id
+ # to avoid openssl SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED
+ # errors
+ ctx.set_session_id(str(uuid.uuid4()).replace("-", ""))
+
# It'd be nice if pyOpenSSL let us pass None here for this behavior (as
# the underlying OpenSSL API call allows NULL to be passed). It
# doesn't, so we'll supply a function which does the same thing.
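Review bot: The value passed to the new `ctx.set_session_id(...)` call is exactly 32 characters, which is OpenSSL's maximum for a session id context (`SSL_MAX_SID_CTX_LENGTH`), and the added comment does not record that constraint. `ctx.set_session_id(uuid.uuid4().hex)` produces the same string more directly, and the comment could add `# must stay <= 32 bytes (SSL_MAX_SID_CTX_LENGTH)`. Because the id is random each time this code runs, sessions cached under an earlier context (and presumably under another worker process) will not resume, so clients fall back to a full handshake with certificate verification; that looks like the safe default but is worth stating in the comment. The comment ties the id to client-certificate use, yet the call appears to run unconditionally; indentation is lost in this archive, so confirm which is intended. The enclosing method begins and ends outside the hunk.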