stream-ssl: Set a session context ID string on our SSL_CTX.
In the finest OpenSSL tradition of putting important documentation only in
code comments, ssl/ssl_sess.c in the OpenSSL tree has the following comment
inside ssl_get_prev_session():
/* We can't be sure if this session is being used out of
* context, which is especially important for SSL_VERIFY_PEER.
* The application should have used SSL[_CTX]_set_session_id_context.
*
* For this error case, we generate an error instead of treating
* the event like a cache miss (otherwise it would be easy for
* applications to effectively disable the session cache by
* accident without anyone noticing).
*/
This meant that ovs-controller couldn't effectively cache SSL server
sessions and we got a weird error whenever ovs-vswitchd tried.
Bug #4448.
CC: David Tsai <dtsai@nicira.com>
CC: Jeremy Stribling <strib@nicira.com>
git://git.onelab.eu / sliver-openvswitch.git / commit