Not quite sure, but to my understand, the "ex_data" is saved into per ssl connection context, so the index to it should be per connection scope. While from my observation, the returned index is increased when SSL_get_ex_new_index is called once, no matter called by A connection or B connection.
In some case, I have only one private data, and I don't want to pass the index var to every piece of code, so can I just save the ex_data directly to index 0 and get it out from 0 when needed? Reading to openssl source code to understand what it does, is a bit painful, although I tried to... Thanks -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: 2012年2月8日 1:27 To: openssl-users@openssl.org Subject: Re: About the usage of SSL_get_ex_new_index On Tue, Feb 07, 2012, Bruce (Riji) Cai wrote: > Hi all, > > >From man page of SSL_CTX_set_verify, I saw this example snippet: > > /*********************** snippet begin *********************************/ > ... > > mydata_t mydata; > > ... > mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, > NULL); > > ... > SSL_set_ex_data(ssl, mydata_index, &mydata); > > /*********************** snippet end *********************************/ > My questions are: > > 1. Why it gets index from a global instead of from the specific ssl session > context? > 2. This returned index increased for each time even for different ssl > connection, I don't know why, though I saw some comments in manpage of > RSA_get_ex_new_index, saying "Each successful call to RSA_get_ex_new_index() > will return an index greater than any previously returned, this is important > because the optional functions are called in order of increasing index > value." But I can't understand why "this is important". > 3. If I have multiple simultaneous ssl connections, for each connection, can > I NOT call SSL_get_ex_new_index, and store my private data by directly > writing to index 0 position, e.g. SSL_set_ex_data(ssl, 0, &mydata) ? Then I > get back the data in by calling mydata = SSL_get_ex_data(ssl,0). > > Thanks for your attention. > When you call SSL_get_ex_new_index() it returns an index for new "ex_data" which can then be used in any SSL structure after the call. So you call that once on application start and before starting any threads and store the returned value somewhere and reuse it for each subsequent SSL structure you want to attach ex_data to. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
