projects / ganeti-local / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f176337) | patch
http.client: Disable SSL session ID cache
authorApollon Oikonomopoulos <apollon@noc.grnet.gr>
Fri, 15 Oct 2010 05:55:59 +0000 (08:55 +0300)
committerMichael Hanselmann <hansmi@google.com>
Fri, 15 Oct 2010 15:21:47 +0000 (17:21 +0200)
commit4ba4fe140d93fc92a75116a39b8c3af4cf3646e4
tree03fde5f52b7a08c8725824c9c86c9995ff0ab13etree | snapshot
parentf176337353eab0517b3795706f44591e647f40cecommit | diff
http.client: Disable SSL session ID cache

This patch disables the SSL session ID cache for all cURL operations.
This is needed because http.HttpBase's PyOpenSSL implementation does not
currently set a context using SSL_set_session_id_context(3SSL), cURL
tries to re-use the session ID and, according to
SSL_set_session_id_context(3SSL):

 If the session id context is not set on an SSL/TLS server and client
 certificates are used, stored sessions will not be reused but a fatal
 error will be flagged and the handshake will fail.

Ideally, session caching should be either controlled, or disabled in
HttpBase, however PyOpenSSL does not seem to implement
SSL_CTX_set_session_cache_mode nor SSL_CTX_set_session_id_context which
are used for these purposes (it seems that only M2Crypto's SSL module
supports these).

Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
lib/http/client.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.