On Fri, Sep 07, 2001 at 12:52:55PM -0400, Louis LeBlanc wrote:
> On 09/07/01 12:03 AM, Lutz Jaenicke sat at the `puter and typed:
> > On Thu, Sep 06, 2001 at 03:16:17PM -0400, Louis LeBlanc wrote:
> > By using SSL_get1_session() the reference count is incremented and therefore
> > the sessions will stay in memory.
>
> Ok, so I should probably increment that count for each thread using
> the session id, then decrement it when that thread is finished, right?
> But how to do this if I am saving my own pointer in the server
> structure? I have a struct->session_id that I am setting with one of
> the SSL_get*_session() calls. It seems to me that I should definitely
> be incrementing the reference when I initially negotiate the session,
> but what of the other threads that will later reuse this session? How
> can I increment the reference for each access to my struct pointer?

I'll be very careful with my answer, as I don't program with threads myself.

SSL_get1_session() will increment the reference counter, so that when
the session would be removed otherwise, it will stay available.
If you call SSL_set_session(ssl, session), the reference count for session
is also incremented. If the session is not reused, or its use is finished,
it will be decremented again automatically.

So I actually would expect that a session once obtained with
SSL_get1_session() will stay available with just the right reference count,
whatever you are going to do, until you explicitly SSL_SESSION_free() it.

> SSL_session_reused() can tell me whether I negotiated a new session or
> used an old one. This will be of great help with deciding to remove
> and replace the one I just tried to reuse. It doesn't appear to be
> available in 0.9.6, however. Any way to get the same result without
> upgrading? If not, are there any security or stability issues serious
> enough to convince my superiors to allow an upgrade?

SSL_session_reused() should be available since 0.9.1...

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
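
The ownership rule discussed in this thread, for a session pointer kept in a server structure and shared between threads, as an added example that is not part of the original messages and is not OpenSSL code. The `session` type and the `session_*` / `server_*` helpers are hypothetical stand-ins for SSL_SESSION and its reference counter so that the block builds without the library; the comments name the OpenSSL call each step corresponds to.

```c
/* Added example: stand-in model of SSL_SESSION reference ownership (assumption,
 * not OpenSSL code). One reference per owner: the shared slot, plus each user. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

typedef struct session { atomic_int references; } session; /* stand-in type */
static atomic_int live_sessions;       /* allocated and not yet freed */

static session *session_new(void) {    /* like a newly negotiated session */
    session *s = calloc(1, sizeof *s);
    if (s) { atomic_init(&s->references, 1); atomic_fetch_add(&live_sessions, 1); }
    return s;
}

static void session_free(session *s) { /* like SSL_SESSION_free(): drop one ref */
    if (s && atomic_fetch_sub(&s->references, 1) == 1) {
        atomic_fetch_sub(&live_sessions, 1);
        free(s);
    }
}

/* The shared "server structure": one cached session guarded by a mutex. */
typedef struct { pthread_mutex_t lock; session *cached; } server;

/* Hand the slot a reference the caller owns (what SSL_get1_session() returns).
 * The slot's reference to the previous session is dropped after the swap. */
static void server_store(server *srv, session *owned) {
    pthread_mutex_lock(&srv->lock);
    session *old = srv->cached;
    srv->cached = owned;
    pthread_mutex_unlock(&srv->lock);
    session_free(old);
}

/* Take a private reference under the lock, so a concurrent server_store()
 * cannot free the session between reading the pointer and using it.
 * Caller: SSL_set_session(ssl, s), run the handshake, then session_free(s). */
static session *server_acquire(server *srv) {
    pthread_mutex_lock(&srv->lock);
    session *s = srv->cached;
    if (s) atomic_fetch_add(&s->references, 1);
    pthread_mutex_unlock(&srv->lock);
    return s;
}

int main(void) {
    server srv = { PTHREAD_MUTEX_INITIALIZER, NULL };
    server_store(&srv, session_new());      /* first negotiated session */
    session *in_use = server_acquire(&srv); /* a worker starts reusing it */
    server_store(&srv, session_new());      /* another worker replaces it */
    session_free(in_use);                   /* worker done: old session freed here */
    server_store(&srv, NULL);               /* shutdown drops the slot's reference */
    return atomic_load(&live_sessions);     /* exit status 0 when nothing leaked */
}
```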