On 7 Feb 2012, at 8:50 AM, Bruce (Riji) Cai wrote:
> Hi all,
>  
> From man page of SSL_CTX_set_verify, I saw this example snippet:
>  
>   /*********************** snippet begin *********************************/
>      ...
>  
>         mydata_t mydata;
>  
>         ...
>         mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
>  
>         ...
>         SSL_set_ex_data(ssl, mydata_index, &mydata);
>  
> /*********************** snippet end *********************************/
> My questions are:
>  
> 1. Why does it get the index from a global instead of from the specific ssl 
> session context?

Even though each SSL session will have its own data, the types of data stored 
will probably be the same (or mostly the same) for all the SSL sessions in the 
process. So the indexes are allocated globally; once you get an index, you can 
use that index to store your data in *any* SSL session. Usually 
get_ex_new_index() is called during startup and the index is stored in a 
variable that is private to the code that is using it.

> 2. This returned index is increased each time, even for a different ssl 
> connection; I don't know why, though I saw some comments in the manpage of 
> RSA_get_ex_new_index, saying "Each successful call to RSA_get_ex_new_index() 
> will return an index greater than any previously returned, this is important 
> because the optional functions are called in order of increasing index 
> value." But I can't understand why "this is important".

I think it is only important if it matters to you what order the optional 
functions are called. For example, maybe your new_func or dup_func relies 
indirectly on data which is stored under another index. In your example you are 
passing NULL for all three optional functions so it doesn't matter for you.

> 3. If I have multiple simultaneous ssl connections, for each connection, can 
> I NOT call SSL_get_ex_new_index, and store my private data by directly 
> writing to the index 0 position, e.g. SSL_set_ex_data(ssl, 0, &mydata)? Then I 
> get back the data by calling mydata = SSL_get_ex_data(ssl, 0).

The important thing is not to use the same index as any other code. 
get_ex_new_index() returns a new, different index every time it is called. If 
you get an index from it, then you know that you "own" that slot in the array, 
and nobody else should be storing their private data in that slot.

Here is an old posting to the mailing list explaining the ex_index stuff in a 
different way; perhaps it will be clearer:
   http://www.mail-archive.com/openssl-users@openssl.org/msg52322.html
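A simplified, runnable model of the scheme described in this reply (an added illustration, not OpenSSL's code): a process-wide index allocator standing in for get_ex_new_index(), a per-object slot array standing in for SSL_set_ex_data/SSL_get_ex_data, and new_func callbacks run in increasing index order so that module B's callback can safely rely on module A's slot. The names obj_t, ex_new_index, modules_init and the two modules are assumptions made for the example.

```c
#include <string.h>

/* Toy model of OpenSSL's ex_data mechanism (assumption: simplified,
 * not OpenSSL's own code). Indices are allocated once, process-wide;
 * every object then owns one slot per allocated index. */
#define MAX_EX 8

typedef struct obj_st { void *ex_data[MAX_EX]; } obj_t;  /* stand-in for SSL */
typedef void (*new_fn)(obj_t *obj, int idx);

static int g_next_idx;              /* global counter, like get_ex_new_index() */
static new_fn g_new_funcs[MAX_EX];  /* optional per-index new_func callbacks */

/* Allocate a new process-wide index; each call returns a larger value. */
int ex_new_index(new_fn new_func) {
    if (g_next_idx >= MAX_EX) return -1;
    g_new_funcs[g_next_idx] = new_func;
    return g_next_idx++;
}

/* Store/fetch per-object data; only indices that were allocated are valid. */
int ex_set_data(obj_t *obj, int idx, void *data) {
    if (idx < 0 || idx >= g_next_idx) return 0;
    obj->ex_data[idx] = data;
    return 1;
}
void *ex_get_data(const obj_t *obj, int idx) {
    return (idx < 0 || idx >= g_next_idx) ? NULL : obj->ex_data[idx];
}

/* Creating an object runs the new_funcs in increasing index order, so a
 * later index's callback can rely on data stored under an earlier one. */
void obj_init(obj_t *obj) {
    memset(obj, 0, sizeof *obj);
    for (int i = 0; i < g_next_idx; i++)
        if (g_new_funcs[i]) g_new_funcs[i](obj, i);
}

/* Two independent modules, each keeping its index in a private variable. */
static int idx_a = -1, idx_b = -1;
static void a_new(obj_t *obj, int idx) { obj->ex_data[idx] = "A's default"; }
static void b_new(obj_t *obj, int idx) {   /* depends on A's slot being filled */
    obj->ex_data[idx] = ex_get_data(obj, idx_a) ? "B saw A" : "B missed A";
}
void modules_init(void) {           /* called once at startup */
    if (idx_a < 0) idx_a = ex_new_index(a_new);
    if (idx_b < 0) idx_b = ex_new_index(b_new);
}
```

Each object gets its own data under the same index, while a write to an index nobody allocated is refused; in OpenSSL itself the protection is only by convention, which is why reusing index 0 is unsafe.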


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org