Session reuse in sync_client (openssl 1.1.0f)

Johan Hattne johan at hattne.se
Thu Aug 24 00:26:21 EDT 2017


Dear all;

I’m seeing issues with sync_client (from 2.5.11) in rolling replication mode with openssl 1.1.0f.  The first connection works just fine, and sync_client keeps a pointer to the SSL session for future use.  Before repeating, the existing connection is torn down, but the session is supposed to be preserved.  What’s happening in my case is that sync_client segfaults on the second iteration, apparently because the session was released as well, which renders sync_client’s pointer invalid.  I’m led to believe that this was not necessarily the case with older versions of openssl.

One way to work around this is to increase the reference counter of the session so that it won’t be freed when the connection is shut down.  That can be accomplished by replacing

  if (sess) *sess = SSL_get_session(tls_conn);

with

  if (sess) *sess = SSL_get1_session(tls_conn);

on line 1568 of tls.c (current cyrus-imapd-2.5 sources).  I understand too little about the rest of the code to tell whether this is a sensible approach or not.  Opinions, anyone?

// Best wishes; Johan
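
The ownership difference between the two calls discussed in the message above, as an added example that is not part of the original post and is neither OpenSSL nor Cyrus code. It is a small reference-counting model: session_t, conn_t and all function names are hypothetical stand-ins, and the comments mark which OpenSSL call each one models.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy stand-ins for SSL_SESSION and SSL; every name below is hypothetical. */
typedef struct { int refs; } session_t;
typedef struct { session_t *sess; } conn_t;
static int live_sessions = 0;              /* sessions currently allocated */

static void session_free(session_t *s) {   /* models SSL_SESSION_free() */
    if (s && --s->refs == 0) { free(s); live_sessions--; }
}

static conn_t *conn_new(session_t *resume) {
    conn_t *c = malloc(sizeof *c);
    session_t *s = resume ? resume : calloc(1, sizeof *s);
    if (!c || !s) abort();
    if (!resume) live_sessions++;
    s->refs++;                             /* the connection holds one reference */
    c->sess = s;
    return c;
}

static session_t *conn_get_session(conn_t *c) { return c->sess; }  /* borrowed, like SSL_get_session() */
static session_t *conn_get1_session(conn_t *c) { c->sess->refs++; return c->sess; }  /* owned, like SSL_get1_session() */
static void conn_free(conn_t *c) { session_free(c->sess); free(c); }

/* Returns 1 if the session is gone once the connection is torn down. */
static int borrowed_pointer_dangles(void) {
    conn_t *c = conn_new(NULL);
    session_t *saved = conn_get_session(c); (void)saved;
    conn_free(c);                          /* saved is now invalid; never dereference it */
    return live_sessions == 0;
}

/* Returns sessions left allocated after `rounds` reconnects, or -1 on error. */
static int rolling_with_get1(int rounds) {
    session_t *saved = NULL;
    for (int i = 0; i < rounds; i++) {
        conn_t *c = conn_new(saved);       /* resumes from the second round on */
        if (!saved) saved = conn_get1_session(c);
        conn_free(c);
        if (live_sessions != 1 || saved->refs != 1) return -1;
    }
    session_free(saved);                   /* the caller must drop its own reference */
    return live_sessions;
}

int main(void) {
    printf("dangles=%d leaked=%d\n", borrowed_pointer_dangles(), rolling_with_get1(3));
    return 0;
}
```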

