Hi,

Yes, I did that. Prior to i2d_SSL_SESSION(), SSL_SESSION_print() prints the
textual description of the cipher. But after doing i2d_SSL_SESSION() and
d2i_SSL_SESSION() it just prints the cipher_id, not the textual cipher
representation. I went inside the i2d_SSL_SESSION() code and found that
pSession->cipher=NULL and pSession->cipher_id is actually read from the ASN1
object. And this looks fine to me.

But in the SSL_connect() code, when the client is checking the cipher
returned from the server in server_hello, OpenSSL does the following:

        if (s->hit && (s->session->cipher != c))
                {
                if (!(s->options &
                        SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
                        {
                        al=SSL_AD_ILLEGAL_PARAMETER;
        
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
                        goto f_err;
                        }
                }

My question is: how does the above work when d2i_SSL_SESSION() is
explicitly making pSession->cipher=NULL? Because when you set the old
session for a new SSL*, you just do a SSL_set_session(), which does nothing
except a pointer assignment. Then at which point should I get a
pSSL->session->cipher pointer?

Thanks

Aslam






-----Original Message-----
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 3:36 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Session Resumption.. d2i_SSL_SESSION() function..


On Wed, Aug 29, 2001 at 01:54:38PM -0400, Aslam wrote:
> I'm doing session resumption on client side. For this of the previous
> session I did a i2d_SSL_SESSION() and in this session, I'm setting this
> SSL_SESSION ptr, which I obtained from d2i_SSL_SESSION(). 
> Now the problem is when I do a d2i_SSL_SESSION() to get the SSL_SESSION ptr,
> the ptr->cipher is NULL, and in SSL_connect code this cipher is checked
> against the cipher returned from the server.. following code in
> ssl\s3_clnt.c..

If you did save a valid session, the cipher information was stored inside
the ASN1 object. When you read it back, everything should be back in
order. Please use the (not yet documented) SSL_SESSION_print()
or SSL_SESSION_print_fp() command. Its use should be obvious from the
interface:
int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x);
int SSL_SESSION_print(BIO *bp, SSL_SESSION *x);
(source is in openssl/ssl/ssl_text.c, example in openssl/apps/sess_id.c)

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
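
Added example, not part of the original thread and not OpenSSL's own code: a small Python reader that pulls the cipher ID out of a serialized session, to show what "cipher_id read from the ASN1 object" refers to in the encoded bytes. The field order (structure version, protocol version, cipher OCTET STRING) is an assumption, and the sample blob is constructed for illustration.

```python
# Added example: minimal DER reader for the leading fields of a serialized
# SSL_SESSION. Field order is an assumption; SAMPLE is constructed, not captured.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def der(tag, value):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def session_cipher_id(blob):
    """Return (protocol_version, cipher_id) from a serialized session."""
    tag, body, _ = read_tlv(blob, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, _, pos = read_tlv(body, 0)         # structure version (INTEGER)
    if tag != 0x02:
        raise ValueError("expected INTEGER structure version")
    tag, version, pos = read_tlv(body, pos) # protocol version (INTEGER)
    if tag != 0x02:
        raise ValueError("expected INTEGER protocol version")
    tag, cipher, pos = read_tlv(body, pos)  # cipher ID bytes (OCTET STRING)
    if tag != 0x04 or len(cipher) not in (2, 3):
        raise ValueError("expected 2- or 3-byte cipher OCTET STRING")
    return int.from_bytes(version, "big"), int.from_bytes(cipher, "big")

# Constructed sample: protocol 0x0301, cipher 0x000A, zeroed session id and key.
SAMPLE = der(0x30, der(0x02, b"\x01") + der(0x02, b"\x03\x01")
             + der(0x04, b"\x00\x0a") + der(0x04, bytes(32))
             + der(0x04, bytes(48)))
```

The encoding carries only the numeric ID, so any in-memory cipher pointer has to be rebuilt from that number after decoding.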