Hi, I'm trying to add session caching to a multi-threaded SSL client. I've run into a crash when my client, with caching enabled, is talking to an SSL server which has caching DISabled.
What I see in the debugger is that if more than one client connection is coming up, and both are using the same session from the cache, then when the server's certificate in the session is updated (session->sess_cert) by the second connection, the first connection is left holding an invalid pointer to the public key in the cert. The crash occurs when that public key is used for encrypting a secret to send to the server. What's confusing me, and I feel like I'm missing something basic here, is that the code doesn't look like it should ever work with reused sessions because the only field in the session which is modified under lock is the reference count. SSL_set_session() doesn't copy the session, it reuses the pointer and increments the ref count. Other code changes fields in the session at will. When my client is caching and talking to a server which is also caching then everything works great. What am I missing here? Thanks, -- Jonathan __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
