granicus.if.org Git - postgresql/commitdiff
Restore the SSL_set_session_id_context() call to OpenSSL renegotiation.
author Heikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 16 Feb 2015 20:34:32 +0000 (22:34 +0200)
committer Heikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 16 Feb 2015 20:34:32 +0000 (22:34 +0200)
This reverts the removal of the call in commit (272923a0). It turns out it
wasn't superfluous after all: without it, renegotiation fails if a client
certificate was used. The rest of the changes in that commit are still OK
and not reverted.

Per investigation of bug #12769 by Arne Scheffer, although this doesn't fix
the reported bug yet.

src/backend/libpq/be-secure-openssl.c

index 37af6e4fdaf75ab531123859852362a4d2527822..b06f987b3fd2c14bae57809fdd85913e6900f1b5 100644 (file)
@@ -595,6 +595,10 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
                 */
                SSL_clear_num_renegotiations(port->ssl);
 
+               /* without this, renegotiation fails when a client cert is used */
+               SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
+                                                                  sizeof(SSL_context));
+
                if (SSL_renegotiate(port->ssl) <= 0)
                        ereport(COMMERROR,
                                        (errcode(ERRCODE_PROTOCOL_VIOLATION),
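Review bot: The return value of SSL_set_session_id_context() on the added lines is discarded, while the SSL_renegotiate() call directly below is tested with <= 0 and reported through ereport(COMMERROR, ...). SSL_set_session_id_context() returns 0 on failure, so a failed call here would only show up later as a renegotiation failure with nothing in the log pointing at this call; consider testing the result and reporting it the same way. The new comment also records only the symptom: since the commit message says this call was already removed once as superfluous, it would help to state in the comment why the session id context is needed when a client certificate is used, so the call is not dropped again.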