Hello,
I have to develop a simple SSL client. Currently, it works, but to improve performance, I am trying to understand the client session cache mechanism.
Here is what I have understood. Can someone tell me if I'm right?
After looking in the man page, I see that the cache should be enabled with this call:
SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_CLIENT )
When I want to reuse a connection, I have to call : SSL_set_session( ssl, session) just before calling SSL_connect()
In fact, the problem is to find this session object.
As there are no functions (I think) to access this client cache, the only way to access the cache is to implement it as an external cache using the callback function:
SSL_CTX_sess_set_new_cb( ctx, new_session_cb ).
As I understand it, this is called each time a new session should be added to the cache.
Then, in this callback, I have to save the session in the ASN1 representation with this call :
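int cb = i2d_SSL_SESSION( sess, NULL );
unsigned char * pasn1data = (unsigned char *)malloc( cb );
/* i2d_SSL_SESSION() advances the pointer passed to it, so give it a copy
   and keep pasn1data pointing at the start of the buffer */
unsigned char * p = pasn1data;
i2d_SSL_SESSION( sess, &p );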
Then to store this session somewhere with the server infos (host, port) as a key to access this info :
add_in_my_session_store( host, port, pasn1data, cb );
Then, each time I need to find a session, I have to look in my cache and, if the session is found, transform it back into a SESSION object:
SSL_SESSION * find_session( char * host, int port )
{
    unsigned char * pasn1data; int cb;
    if( find_in_my_session_store( host, port, &pasn1data, &cb ) )
    {
        /* d2i_SSL_SESSION() advances the pointer passed to it, so use a copy */
        const unsigned char * p = pasn1data;
        SSL_SESSION * sess = d2i_SSL_SESSION( NULL, &p, cb );
        return sess; /* NULL if the stored data could not be decoded */
    }
    return NULL;
}
To remove a session, I implement the callback: SSL_CTX_sess_set_remove_cb( ctx, remove_session_cb )
remove_session_cb() is called with the session to remove. Then, it's time to remove it from our external cache. A solution to find the server infos (host, port) is to attach them to each session using SSL_SESSION_set_ex_data() before adding the session to the cache, and to use SSL_SESSION_get_ex_data() to find the server infos in order to remove the session from the cache:
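/* the session is the first argument, the ex_data index the second */
ServerInfo * psi = (ServerInfo *)SSL_SESSION_get_ex_data( sess, idx );
if( psi )
{
    /* assumes ServerInfo carries the host and port fields */
    remove_from_my_session_store( psi->host, psi->port );
}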
What I find strange is that I have to redevelop something that already exists internally in OpenSSL.
And I suppose that if I set the cache size to 1 with SSL_CTX_sess_set_cache_size(ctx, 1) to be sure nothing is stored in the internal cache, then I will have to clean my external cache myself without using the remove_session_cb() callback, so I think all this stuff should be done in this case in the new_session_cb().
Sorry for this long email, and thanks in advance,
Sylvain
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
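An added example, not part of the message above and not OpenSSL code: one possible in-memory version of the three store helpers the message calls but never defines (add_in_my_session_store, find_in_my_session_store, remove_from_my_session_store). The signatures, the 16-slot capacity and the 255-character host limit are assumptions; the store keeps its own copy of the serialized session and overwrites it before freeing, because the ASN1 form contains the session's master key.

```c
#include <stdlib.h>
#include <string.h>
#define SLOTS 16  /* assumed capacity for this example */
static struct slot { char host[256]; int port; unsigned char *der; int len; } store[SLOTS];

static struct slot *lookup(const char *host, int port)
{
    for (int i = 0; i < SLOTS; i++)
        if (store[i].der && store[i].port == port && !strcmp(store[i].host, host))
            return &store[i];
    return NULL;
}

/* Drop the entry for host:port; returns 1 if one was present. */
int remove_from_my_session_store(const char *host, int port)
{
    struct slot *s = lookup(host, port);
    if (!s) return 0;
    /* A serialized session holds the master key: overwrite before freeing. */
    for (volatile unsigned char *v = s->der; s->len > 0; s->len--) *v++ = 0;
    free(s->der);
    s->der = NULL;
    return 1;
}

/* Keep a private copy of the bytes, replacing any older session for host:port. */
int add_in_my_session_store(const char *host, int port, const unsigned char *der, int len)
{
    if (!der || len <= 0 || strlen(host) >= sizeof store[0].host) return 0;
    remove_from_my_session_store(host, port);
    for (int i = 0; i < SLOTS; i++) {
        if (store[i].der) continue;                  /* slot in use */
        if (!(store[i].der = malloc((size_t)len))) return 0;
        memcpy(store[i].der, der, (size_t)len);
        strcpy(store[i].host, host);                 /* length checked above */
        store[i].port = port; store[i].len = len;
        return 1;
    }
    return 0;                                        /* store full */
}

/* Returns 1 and points *der at the stored bytes (valid until removed or replaced). */
int find_in_my_session_store(const char *host, int port, unsigned char **der, int *len)
{
    struct slot *s = lookup(host, port);
    if (!s) return 0;
    *der = s->der; *len = s->len;
    return 1;
}
```

Because the store copies the bytes, the buffer filled by i2d_SSL_SESSION() in new_session_cb() can be freed as soon as add_in_my_session_store() returns.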