I'm looking at preserving sessions on the client and found the quoted
email saved away in my mailbox.

Looking at the code, it seems that SSL_free only deletes the session if
the reference count is zero. So can I keep an SSL_SESSION simply by
incrementing the reference count and saving a pointer? Obviously this
won't work if the program exits, but would (should) it still work after
all connections with the client had been closed?

I ask because I think (bugs and my stupidity aside) that I have been doing
this, but SSL sessions do not seem to be being reused as often as I
would have expected (life here is a little more complicated as I am
storing references to C structures in Java objects - you really don't
want to know the details :-). Also, the (very helpful) post below
doesn't mention doing this, which seems odd.

Someone mentioned (but I can't find the post) that there was an old bug
to do with session re-use. Was that fixed by 0.9.4?

Thanks,
Andrew (working where session reuse has suddenly become important)

Bodo Moeller wrote:
> Tim Bartley <[EMAIL PROTECTED]>:
>
> > Is it possible to have a client session (SSL_SESSION) established for some
> > connection persist after that connection has been SSL_free'd so that it can
> > be used in a subsequent connection?
>
> > I had a quick look through headers and so on and thought SSL_CTX_add_session
> > might do it but that doesn't seem to be the case.
>
> SSL_CTX_add_session, which adds to the session cache, is for servers.
> A client can have just one session (you can send only one session ID
> in the client_hello, while a server obviously must be prepared to
> receive a request for any of various previously established
> sessions).
>
> > Must I always have an open connection referencing the session?
>
> No, you can pass the pointer obtained by SSL_get_session to
> i2d_SSL_SESSION to obtain a BER representation of the SSL_SESSION data
> structure (well, of most of it). Then you can keep it in memory,
> store it in a disk cache, or whatever you want. Later d2i_SSL_SESSION
> can be used to create an SSL_SESSION data structure from the BER
> representation; then you can use SSL_set_session. (SSL_set_session
> increments the reference count of the SSL_SESSION. Call
> SSL_SESSION_free when you no longer need the SSL_SESSION structure).
>
> > Rather than relying on SSL_connect to create the new session should I
> > use SSL_SESSION_new to create the session and then call SSL_set_session
> > to associate the new session with the new SSL prior to calling SSL_connect?
>
> There's no need to worry about this when you want a new session,
> only when you want to reuse a previous session.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]