On Fri, Nov 12, 2010 at 01:28:29PM -0600,
john(a)tconl.com wrote:
I have to login twice after each logout using
squirrelmail located on
the
same server as perdition. The mail stores are on two other servers.
I am left with this on squirrelmail after first aatempt:
SquirrelMail version 1.4.8-5.el5.centos.10
By the SquirrelMail Project Team
ERROR
Your session has expired, but will be resumed after logging in again.
Go to the login page
Hi John,
I wonder if the problem you are seeing relates to the bug
fixed by the following patch which was included in 1.19-rc3.
My current config is using:
perdition-1.18
Do I need to upgrade the library if upgrading to 1.19-rc3?
# HG changeset patch
# User Simon Horman <horms(a)verge.net.au>
# Date 1280280523 -32400
# Node ID 6d85be38374c6aed3532219443370b95bf0cd128
# Parent 8fc81b8203539801a0900c7e133ccb198c60cd3e
ssl: Set session_id
This allows session re-negoatiation to work
in conjunction with the verification of client certificates.
In particular, it allows Thunderbird 3.1 to connect to perdition using
TLS.
An alternate work-around is to disable all certificate verification using
--ssl_no_client_cert_verify or disable client certificate verification
using --ssl_no_cert_verify (introduced in 1.19-rc1).
This relates to Mozilla Bug #575915
https://bugzilla.mozilla.org/show_bug.cgi?id=575915
Tested-by: John Feuerstein <john(a)feurix.com>
Signed-off-by: Simon Horman <horms(a)verge.net.au>
diff -r 8fc81b820353 -r 6d85be38374c perdition/ssl.c
--- a/perdition/ssl.c Mon Jul 26 15:29:04 2010 +0900
+++ b/perdition/ssl.c Wed Jul 28 10:28:43 2010 +0900
@@ -528,6 +528,14 @@
return NULL;
}
+ /* Set context for session */
+ if (!SSL_CTX_set_session_id_context(ssl_ctx,
+ (unsigned char *)PACKAGE,
+ strlen(PACKAGE))) {
+ VANESSA_LOGGER_DEBUG("SSL_CTX_set_session_id_context");
+ goto err;
+ }
+
/*
* Set the available ciphers
*/