On Tue, Feb 07, 2012, Bruce (Riji) Cai wrote:

> Hi all,
>
> From man page of SSL_CTX_set_verify, I saw this example snippet:
>
> /*********************** snippet begin *********************************/
> ...
>
> mydata_t mydata;
>
> ...
> mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
>
> ...
> SSL_set_ex_data(ssl, mydata_index, &mydata);
>
> /*********************** snippet end *********************************/
>
> My questions are:
>
> 1. Why it gets index from a global instead of from the specific ssl session
>    context?
> 2. This returned index increased for each time even for different ssl
>    connection, I don't know why, though I saw some comments in manpage of
>    RSA_get_ex_new_index, saying "Each successful call to RSA_get_ex_new_index()
>    will return an index greater than any previously returned, this is important
>    because the optional functions are called in order of increasing index
>    value." But I can't understand why "this is important".
> 3. If I have multiple simultaneous ssl connections, for each connection, can
>    I NOT call SSL_get_ex_new_index, and store my private data by directly
>    writing to index 0 position, e.g. SSL_set_ex_data(ssl, 0, &mydata) ? Then I
>    get back the data in by calling mydata = SSL_get_ex_data(ssl,0).
>
> Thanks for your attention.

When you call SSL_get_ex_new_index() it returns an index for new "ex_data" which can then be used in any SSL structure after the call.

So you call that once on application start and before starting any threads and store the returned value somewhere and reuse it for each subsequent SSL structure you want to attach ex_data to.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
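
A simplified model of the mechanism described in the reply, added here as an illustration (it is not OpenSSL code and not part of the original thread). The `toy_*` names are hypothetical stand-ins for `SSL_get_ex_new_index`, `SSL_set_ex_data` and `SSL_get_ex_data`; the model shows one process-wide index reused across connections, and what happens when a caller writes to a hard-coded slot 0 that another module already reserved.

```c
#include <stddef.h>
#include <stdio.h>

#define TOY_MAX_SLOTS 8                      /* assumption: fixed size keeps the model short */

static int toy_next_index = 0;               /* one counter shared by every connection */
typedef struct { void *slots[TOY_MAX_SLOTS]; } toy_conn;  /* slots are per connection */

/* Reserve a slot number that is valid in every toy_conn; call once at startup. */
int toy_get_ex_new_index(void) {
    return toy_next_index < TOY_MAX_SLOTS ? toy_next_index++ : -1;
}

int toy_set_ex_data(toy_conn *c, int idx, void *p) {
    if (idx < 0 || idx >= TOY_MAX_SLOTS) return 0;
    c->slots[idx] = p;                       /* no ownership check: last writer wins */
    return 1;
}

void *toy_get_ex_data(const toy_conn *c, int idx) {
    return (idx < 0 || idx >= TOY_MAX_SLOTS) ? NULL : c->slots[idx];
}

/* Reserve once, reuse per connection: returns 1 when every owner reads back its own data. */
int demo_reserved_index(void) {
    toy_next_index = 0;
    int lib_idx = toy_get_ex_new_index();    /* some other module reserves first */
    int app_idx = toy_get_ex_new_index();    /* the application, once at startup */
    int lib_state = 7, a = 1, b = 2;         /* constructed sample data */
    toy_conn c1 = {{0}}, c2 = {{0}};
    toy_set_ex_data(&c1, lib_idx, &lib_state);
    toy_set_ex_data(&c1, app_idx, &a);       /* same index, different connection objects */
    toy_set_ex_data(&c2, app_idx, &b);
    return toy_get_ex_data(&c1, lib_idx) == &lib_state
        && toy_get_ex_data(&c1, app_idx) == &a
        && toy_get_ex_data(&c2, app_idx) == &b;
}

/* Hard-coded slot 0: returns 0 because the other module's pointer was overwritten. */
int demo_hardcoded_zero(void) {
    toy_next_index = 0;
    int lib_idx = toy_get_ex_new_index();    /* the registry hands out 0 */
    int lib_state = 7, a = 1;
    toy_conn c1 = {{0}};
    toy_set_ex_data(&c1, lib_idx, &lib_state);
    toy_set_ex_data(&c1, 0, &a);             /* application never reserved an index */
    return toy_get_ex_data(&c1, lib_idx) == &lib_state;
}

int main(void) {
    printf("reserved index intact: %d\n", demo_reserved_index());
    printf("hard-coded 0 intact:   %d\n", demo_hardcoded_zero());
    return 0;
}
```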