Re: Session not re-used when exported then re-imported.

[Philip L Smith]

Hi Lutz

Have run with ssldump, there doesn't seem to be any session_id being 
sent from the client.

I presume it would show up something like session_id[32]=... under the 
C>S  Handshake section.

What else might I be doing wrong, or have not set ?

In overview this is what I do:

--- startup code ---
{
   // create an SSL structure
   if (!m_sslInitCalled)
   {
       SSL_load_error_strings();
       SSL_library_init();
       m_sslInitCalled = true;
   }
   m_pSslV23Method = SSLv23_client_method();
   m_pSslV23Ctx     = SSL_CTX_new(m_pSslV23Method);
   // switch on bug workarounds
   SSL_CTX_set_options(m_pSslV23Ctx,SSL_OP_ALL);
   m_pSslMethod     = m_pSslV23Method;
   m_pSslCtx         = m_pSslV23Ctx;
   // only do the cleint cert setup if one is there
   if (!m_sslCertFile.empty())
   {
       // register the callback for the password
       SSL_CTX_set_default_passwd_cb(m_pSslCtx, SSLPassphraseCallback);
       // set userdata as password to use
       SSL_CTX_set_default_passwd_cb_userdata(m_pSslCtx, const_cast 
<char*>(m_sslPassword.c_str()));

       if (SSL_CTX_use_certificate_file(m_pSslCtx, 
m_sslCertFile.c_str(), SSL_FILETYPE_PEM) <= 0)
       {
           LogError("SSL certificate file NOT loaded", "", 0);
   //        return -1;
       }

       if (SSL_CTX_use_PrivateKey_file(m_pSslCtx, 
m_sslCertFile.c_str(), SSL_FILETYPE_PEM) <= 0)
       {
           LogError("SSL key NOT loaded", "", 0);
   //        return -1;
       }
       Trace ("SSL Key loaded","",0);

       if (!SSL_CTX_check_private_key(m_pSslCtx))
       {
           LogError("SSL Private key does not match the certificate 
public key", "", 0);
   //        return -1;
       }

       Trace("SSL Client Cert Key checked OK", "", 0);
   }
   m_pSslV23Connection = SSL_new(m_pSslV23Ctx);

   m_pSslConnection = m_pSslV23Connection;

   Trace("CTcp::CTcp()","globalSessionID", CTcp::globalSessionId);
   // only do the following if the overall sessionid was set
   if (CTcp::globalSessionId != 0)
   {
       // load the session from disk
       FILE * filePtr;
       char fileString[128];
       sprintf(fileString, "/tmp/session_id.%d", CTcp::globalSessionId);
       Trace("Loading SSL Session",fileString,0);
       if ((filePtr = fopen(fileString,  "r")) != NULL)
       {
           Trace("Loading SSL Session from file",fileString,0);
           SSL_SESSION s;
           SSL_SESSION * ps;
           ps = &s;
           ps = PEM_read_SSL_SESSION(filePtr, &ps, NULL, NULL);
           ps = &s;
           ssl_session_print (ps);
           // force it to be used ?
           int added = 0;
           ps = &s;
           added = SSL_set_session(m_pSslV23Connection, ps);
           Trace("Setting SSL Session","SSL_set_session() 
m_pSslV23Connection",added);

           // close the file
           fclose(filePtr);
       }
       else
       {
           Trace("Loading SSL Session", "No session file present",0);
       }
   }
}
--- ~ startup code ---

The actual connection is fairly standard creating a socket connection then

int ret = SSL_set_fd(m_pSslConnection, sockfd);
ret = SSL_connect(m_pSslConnection);
Phil

Output from ssldump:

New TCP connection #23: 192.168.0.15(45440) <-> 62.232.26.100(443)
23 1  0.0114 (0.0114)  C>S  Handshake
     ClientHello
       Version 3.1
       cipher suites
       Unknown value 0x39
       Unknown value 0x38
       Unknown value 0x35
       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
       TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
       TLS_RSA_WITH_3DES_EDE_CBC_SHA
       Unknown value 0x33
       Unknown value 0x32
       Unknown value 0x2f
       TLS_RSA_WITH_IDEA_CBC_SHA
       TLS_DHE_DSS_WITH_RC4_128_SHA
       TLS_RSA_WITH_RC4_128_SHA
       TLS_RSA_WITH_RC4_128_MD5
       TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
       TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
       TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
       TLS_DHE_RSA_WITH_DES_CBC_SHA
       TLS_DHE_DSS_WITH_DES_CBC_SHA
       TLS_RSA_WITH_DES_CBC_SHA
       TLS_DHE_DSS_WITH_RC2_56_CBC_SHA
       TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
       TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
       TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
       TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
       TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
       TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
       TLS_RSA_EXPORT_WITH_RC4_40_MD5
       compression methods
                 NULL
23 2  0.0327 (0.0212)  S>C  Handshake
     ServerHello
       Version 3.1
       session_id[32]=
         59 1e 00 00 98 3b a5 c1 56 23 1a 2f f1 a9 a1 43
         01 a5 13 b1 f4 d2 fb 65 3b ac 44 1c f4 95 6a ad
       cipherSuite         TLS_RSA_WITH_RC4_128_MD5
       compressionMethod                   NULL
     Certificate
     ServerHelloDone
23 3  0.1246 (0.0919)  C>S  Handshake
     ClientKeyExchange
23 4  0.1246 (0.0000)  C>S  ChangeCipherSpec
23 5  0.1246 (0.0000)  C>S  Handshake
23 6  0.1544 (0.0298)  S>C  ChangeCipherSpec
23 7  0.1544 (0.0000)  S>C  Handshake
23 8  0.2347 (0.0802)  C>S  application_data
23 9  0.2927 (0.0579)  S>C  application_data
23    2.7034 (2.4107)  C>S  TCP FIN
23    2.7136 (0.0101)  S>C  TCP FIN
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]