Bug 66226 - Lacking a check for the return value of SSL_CTX_set_session_id_context()

Summary: Lacking a check for the return value of SSL_CTX_set_session_id_context()

Status: RESOLVED FIXED Alias: None Product: Apache httpd-2 Classification: Unclassified Component: mod_ssl (show other bugs) Version: 2.5-HEAD Hardware: PC Mac OS X 10.1 Importance: P2 critical (vote) Target Milestone: --- Assignee: Apache HTTPD Bugs Mailing List URL: Keywords: PatchAvailable Depends on: Blocks:		Reported: 2022-08-17 06:44 UTC by UVScan Modified: 2023-04-04 21:35 UTC (History) CC List: 0 users

Attachments Add an attachment (proposed patch, testcase, etc.) Note You need to log in before you can comment on or make changes to this bug.

Description UVScan 2022-08-17 06:44:01 UTC According to the descriptions of SSL_CTX_set_session_id_context(), it has two different return values. But in httpd-2.4.53/modules/ssl/ssl_engine_kernel.c, we find it lacks a check for the return value of SSL_CTX_set_session_id_context(). Reference: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_session_id_context.html Comment 1 Giovanni Bechis 2023-04-04 21:35:17 UTC Fixed in r1908971.

---

• Format For Printing
•  - XML
•  - Clone This Bug
•  - Top of page

This is ASF Bugzilla: the Apache Software Foundation bug system. In case of problems with the functioning of ASF Bugzilla, please contact bugzilla-admin@apache.org. Please Note: this e-mail address is only for reporting problems with ASF Bugzilla. Mail about any other subject will be silently ignored.

• • Home
  • | New
  • | Browse
  • | Search
  • |
    [?]
  • | Reports
  • | Help
  • | New Account
  • | Log In
    Remember [x]
  • | Forgot Password
    Login: [x]