set session ID when TLS resume is enabled #75435

Merged
merged 5 commits into from
Sep 13, 2022

@wfurt (Member) commented Sep 12, 2022

      System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
       ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
       ---> Interop+Crypto+OpenSslCryptographicException: error:140D9115:SSL routines:ssl_get_prev_session:session id context uninitialized

There are several references to it on the Internet. https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_session_id_context.html mentions that this error may happen with client certificates.

This change will initialize the ID to random bytes to prevent this error from happening.
So far I was unable to craft functional tests that could reproduce the issue. I have a separate repro with Kestrel and a Windows client as originally reported, and this change fixes the observed failures.

contributes to #75079
I think we should take the fix for 7 and leave it open for 8 to craft a test that would reproduce the reported issue.

@wfurt wfurt added area-System.Net.Security os-linux Linux OS (any supported distro) labels Sep 12, 2022
@wfurt wfurt requested review from bartonjs, rzikm and a team September 12, 2022 05:50
@wfurt wfurt self-assigned this Sep 12, 2022
ghost commented Sep 12, 2022

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

@karelz karelz added this to the 8.0.0 milestone Sep 12, 2022
Co-authored-by: Jeremy Barton <jbarton@microsoft.com>
@wfurt wfurt merged commit ecf9f2f into dotnet:main Sep 13, 2022
wfurt commented Sep 13, 2022

/backport to release/7.0

github-actions (Contributor) commented

Started backporting to release/7.0: https://github.com/dotnet/runtime/actions/runs/3042209571
