Hi all,

I use the OpenSSL library in a daemon, and there are a lot of crashes around SSL
session management.
A crash happens when SSL sessions are flushed via SSL_CTX_flush_sessions(),
because they could have a bad session id.

Here is the life of one session:

ptr_addr:      refcount: type[session_id] (function:line)
0x807807600:   1:SSL_SESSION [0x0] (SSL_SESSION_new:205)
0x807807600:   1:--> SSL_SESSION CHECK BEFORE [0x0] (ssl3_get_new_session_ticket:2236)
0x807807600:   1:--> SSL_SESSION CHECK AFTER [0xaa685c61] (ssl3_get_new_session_ticket:2244)
0x807807600:   2:SSL_SESSION [0xaa685c61] (SSL_CTX_add_session:673)
0x807807600:   3:SSL_SESSION [0xaa685c61] (ssl_update_cache:2456)
0x807807600:   2:SSL_SESSION_FREE [0xaa685c61] (SSL_free:559)
0x807807600:   3:SSL_SESSION [0xaa685c61] (SSL_set_session:855)
0x807807600:   3:--> SSL_SESSION CHECK BEFORE [0xaa685c61] (ssl3_client_hello:731)
0x807807600:   3:--> SSL_SESSION CHECK AFTER [0xaa685c61] (ssl3_client_hello:733)
0x807807600:   3:--> SSL_SESSION CHECK BEFORE [0xaa685c61] (ssl3_get_new_session_ticket:2236)
0x807807600:   3:--> SSL_SESSION CHECK AFTER [0xe47912b1] (ssl3_get_new_session_ticket:2244)
0x807807600:   2:SSL_SESSION_FREE [0xe47912b1] (SSL_free:559)
...

The server requests a new session ticket (SSL3_ST_CR_SESSION_TICKET_[AB]),
but the session id is already initialized.

To fix it, I thought of freeing the old SSL session and creating a new one in
ssl3_connect(), in case SSL3_ST_CR_SESSION_TICKET_[AB],
before the ssl3_get_new_session_ticket() call, but I'm not sure it's a good fix.

Could you help me? Do you need more details about my issue?

Thanks,

Olivier
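
Added example, not part of the original post and not OpenSSL code: a small parser for the trace format shown above that reports any session-id change on an object that has already appeared in an SSL_CTX_add_session record. Treating that record as the point of cache insertion is an assumption of the example, and the function names parse and find_cached_id_rewrites are hypothetical.

```python
import re

# Trace records copied from the post (e-mail line wraps rejoined).
TRACE = """\
0x807807600:   1:SSL_SESSION [0x0] (SSL_SESSION_new:205)
0x807807600:   1:--> SSL_SESSION CHECK BEFORE [0x0] (ssl3_get_new_session_ticket:2236)
0x807807600:   1:--> SSL_SESSION CHECK AFTER [0xaa685c61] (ssl3_get_new_session_ticket:2244)
0x807807600:   2:SSL_SESSION [0xaa685c61] (SSL_CTX_add_session:673)
0x807807600:   3:SSL_SESSION [0xaa685c61] (ssl_update_cache:2456)
0x807807600:   2:SSL_SESSION_FREE [0xaa685c61] (SSL_free:559)
0x807807600:   3:SSL_SESSION [0xaa685c61] (SSL_set_session:855)
0x807807600:   3:--> SSL_SESSION CHECK BEFORE [0xaa685c61] (ssl3_client_hello:731)
0x807807600:   3:--> SSL_SESSION CHECK AFTER [0xaa685c61] (ssl3_client_hello:733)
0x807807600:   3:--> SSL_SESSION CHECK BEFORE [0xaa685c61] (ssl3_get_new_session_ticket:2236)
0x807807600:   3:--> SSL_SESSION CHECK AFTER [0xe47912b1] (ssl3_get_new_session_ticket:2244)
0x807807600:   2:SSL_SESSION_FREE [0xe47912b1] (SSL_free:559)
"""

# ptr: refcount: [--> ]type [session_id] (function:line)
REC = re.compile(r"^(0x[0-9a-f]+):\s+(\d+):(?:--> )?(.+?) "
                 r"\[(0x[0-9a-f]+)\]\s+\((\w+):(\d+)\)$")

def parse(trace):
    """Yield (ptr, refcount, kind, session_id, function, line) per record."""
    for raw in trace.splitlines():
        m = REC.match(raw.strip())
        if m:
            ptr, ref, kind, sid, func, line = m.groups()
            yield ptr, int(ref), kind, sid, func, int(line)

def find_cached_id_rewrites(trace):
    """Report session-id changes on objects already passed to SSL_CTX_add_session."""
    cached, last_id, findings = set(), {}, []
    for ptr, ref, kind, sid, func, line in parse(trace):
        if func == "SSL_CTX_add_session":
            cached.add(ptr)          # assumption: this record marks cache insertion
        prev = last_id.get(ptr)
        if ptr in cached and prev is not None and sid != prev:
            findings.append({"ptr": ptr, "old_id": prev, "new_id": sid,
                             "refcount": ref, "where": f"{func}:{line}"})
        last_id[ptr] = sid
    return findings

if __name__ == "__main__":
    for f in find_cached_id_rewrites(TRACE):
        print("{ptr}: id {old_id} -> {new_id} while cached "
              "(refcount {refcount}) at {where}".format(**f))
```

On the trace above it reports only the second ticket: the first id assignment (0x0 to 0xaa685c61) happens before the SSL_CTX_add_session record, so it is not flagged.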