Bugzilla – Bug 5474
gss_import_sec_context fails to restore client session keys
Last modified: 2008-08-11 15:19:51
I'm assisting EGEE with a bug fix they need for Globus in the VDT. I'm not an
expert on the problem, but I include their description below. They also have a
suggested patch that I will attach.
1) Do you see any reason that I shouldn't apply this patch for the VDT build of
2) Can you accept this patch (or your own appropriate solution) for Globus in
the 4.0 branch?
The patch is being contributed from Krzysztof Nienartowicz
<Krzysztof.Nienartowicz@cern.ch>. He's on vacation, so his colleague described
it on his behalf:
>As far as I understand there is a new session key generated,
>when the session is restarted. At the end of the key negotiation
>there are basically two keys, one for the outgoing and one
>for the incoming communication.
>On the server and the client side these should be swapped,
>i.e. server's outgoing key is the client's incoming key.
>Unfortunately this was not swapped on the client side, so
>the communication couldn't restart after the session restart.
>As far as I understand Krzys' patch does this swap on the
They classify this as moderately urgent, because the bug "was completely
preventing Krzysztof's code from using globus in his SSL session reuse code." I
plan to release an update to the VDT with this patch in the very near future
unless your expert eyes see a problem with it.
Alain Roy, OSG Software Coordinator
I can't attach the patch because attachments have been disabled to deal with
spam. Therefore I have posted the patch at:
The patch doesn't compile--- extra ); in the second hunk.
After tweaking to compile, I wrote a small test program that confirms both the
bug and that the fix repairs it. Both are committed to CVS.
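The key-direction problem described in the report, as an added sketch that is not the Globus GSI code, the contributed patch, or the test program committed to CVS. It models a context with one key per direction and an export format that stores the keys in a role-independent order; the struct layouts, function names and key bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define KEY_LEN 16
enum role { ROLE_CLIENT, ROLE_SERVER };
/* Hypothetical model of a live context: one key per direction. */
struct sec_ctx { enum role role; uint8_t out_key[KEY_LEN], in_key[KEY_LEN]; };
/* Assumed exported form: keys stored in a role-independent order. */
struct exported_ctx { enum role role; uint8_t client_write[KEY_LEN], server_write[KEY_LEN]; };

static void ctx_export(const struct sec_ctx *c, struct exported_ctx *e) {
    int cl = (c->role == ROLE_CLIENT);
    e->role = c->role;
    memcpy(e->client_write, cl ? c->out_key : c->in_key, KEY_LEN);
    memcpy(e->server_write, cl ? c->in_key : c->out_key, KEY_LEN);
}

/* Import that lays the keys out as a server would, whatever the role. */
static void ctx_import_unswapped(const struct exported_ctx *e, struct sec_ctx *c) {
    c->role = e->role;
    memcpy(c->out_key, e->server_write, KEY_LEN);
    memcpy(c->in_key, e->client_write, KEY_LEN);
}

/* Import that chooses the direction from the role. */
static void ctx_import_swapped(const struct exported_ctx *e, struct sec_ctx *c) {
    int cl = (e->role == ROLE_CLIENT);
    c->role = e->role;
    memcpy(c->out_key, cl ? e->client_write : e->server_write, KEY_LEN);
    memcpy(c->in_key, cl ? e->server_write : e->client_write, KEY_LEN);
}

/* Peers interoperate only if each outgoing key is the other's incoming key. */
static int ctx_peers_agree(const struct sec_ctx *a, const struct sec_ctx *b) {
    return memcmp(a->out_key, b->in_key, KEY_LEN) == 0 &&
           memcmp(a->in_key, b->out_key, KEY_LEN) == 0;
}

/* Export and re-import one side (constructed keys), then check it against its peer. */
int roundtrip_ok(enum role side, int use_swapped_import) {
    struct sec_ctx client = { ROLE_CLIENT, {0}, {0} }, server = { ROLE_SERVER, {0}, {0} };
    struct sec_ctx restored; struct exported_ctx blob;
    memset(client.out_key, 0x11, KEY_LEN); memset(server.in_key, 0x11, KEY_LEN);
    memset(client.in_key, 0x22, KEY_LEN);  memset(server.out_key, 0x22, KEY_LEN);
    ctx_export(side == ROLE_CLIENT ? &client : &server, &blob);
    if (use_swapped_import) ctx_import_swapped(&blob, &restored);
    else ctx_import_unswapped(&blob, &restored);
    return ctx_peers_agree(&restored, side == ROLE_CLIENT ? &server : &client);
}
```

In this model a server-side round trip passes with either import, which is why a check that exercises only the acceptor side would not catch the fault.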
Subject: Re: Problem with session keys in
That was incredibly fast response. Thank you!