summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoremboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2012-06-10 01:53:20 +0000
committeremboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2012-06-10 01:53:20 +0000
commit43759fc1ed8f10fff50b4239089d02c0fbe6895d (patch)
treec226170945c5252240d4e0508ac93b7b2e9acfd7
parent839dc7d4092c0f53654e9625b71861e888e5a789 (diff)
* lib/openssl/ssl.rb: Use a simple random number to generate the
session id. MD5, as was used before, causes problems when using a FIPS version of OpenSSL. Issue was found by Jared Jennings, thank you! [ruby-trunk - Bug #6137] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36005 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--ext/openssl/lib/openssl/ssl.rb4
2 files changed, 11 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index ca6f444e09..e213daa084 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Sun Jun 10 10:48:15 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
+
+ * lib/openssl/ssl.rb: Use a simple random number to generate the
+ session id. MD5, as was used before, causes problems when
+ using a FIPS version of OpenSSL. Issue was found by Jared
+ Jennings, thank you!
+ [ruby-trunk - Bug #6137]
+
Sun Jun 10 10:27:34 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
* NEWS: Add note about the new private key export behavior.
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 70b27f4416..268e8e9d67 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -146,7 +146,9 @@ module OpenSSL
@svr = svr
@ctx = ctx
unless ctx.session_id_context
- session_id = OpenSSL::Digest::MD5.hexdigest($0)
+ # see #6137 - session id may not exceed 32 bytes
+ prng = ::Random.new($0.hash)
+ session_id = prng.bytes(16).unpack('H*')[0]
@ctx.session_id_context = session_id
end
@start_immediately = true
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 22:32:23 +0000