Incorrect call to SSL_CTX_set_session_id_context on client side SSL context #105293

Closed
Description

@grantramsay
Contributor

When initialising an SSLContext there is a call to SSL_CTX_set_session_id_context():

```c
#define SID_CTX "Python"
    SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX,
                                   sizeof(SID_CTX));
#undef SID_CTX
```

The openssl man pages state that SSL_CTX_set_session_id_context is a "server side only" operation:
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_session_id_context.html

> SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
>
> The session id context becomes part of the session. The session id context is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and SSL_set_session_id_context() functions are therefore only useful on the server side.

In some circumstances, calling this on a client side socket can result in unexpected behavior. For example, TLSv1.3 PSK: #103181 (comment)

The fix for this was originally part of another PR (#103181); @gpshead recommended creating a separate issue/PR.

Activity

added a commit that references this issue on Jun 4, 2023

pythongh-105293: Do not call SSL_CTX_set_session_id_context on client…

self-assigned this
on Jun 5, 2023
added a commit that references this issue on Jul 14, 2023

pythongh-105293: Do not call SSL_CTX_set_session_id_context on client…

added a commit that references this issue on Jul 14, 2023

gh-105293: Do not call SSL_CTX_set_session_id_context on client side …

21d98be
gpshead commented on Jul 14, 2023

@gpshead
Member

While we could backport this to releases, unless it's actually causing a problem there (the issue has existed forever it seems) let's not bother. It seems most important for your new feature PR.

added a commit that references this issue on Jul 14, 2023

pythongh-105293: Do not call SSL_CTX_set_session_id_context on client…

Labels: type-bug (An unexpected behavior, bug, or error)

Incorrect call to `SSL_CTX_set_session_id_context` on client side SSL context · Issue #105293 · python/cpython