Sorry, I missed that call to SSL_set_session. No, you don't need to call SSL_set_session. SSL_get_session is a get0-type function; it just returns a copy of the pointer in the SSL object. So any changes you make to that SSL_SESSION object are to the one that's already in the SSL object.
Calling SSL_set_session with the same session that's already in the SSL should be OK, because the code increments the reference count on the SSL_SESSION before calling SSL_SESSION_free - and so the free will just decrement the count again. But it doesn't do anything useful. (SSL_set_session could do a reference comparison on the existing and new sessions and return without doing anything if they're the same, but there's probably little real-world value in adding such an optimization.) The code's in ssl/ssl_sess.c (at least for 1.0.2), if you want to have a look for yourself. It's quite straightforward, which is not *always* the case with OpenSSL. Michael Wojcik Distinguished Engineer, Micro Focus From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Eric To Sent: Thursday, August 25, 2016 09:29 To: openssl-users@openssl.org Subject: Re: [openssl-users] Example on SSL_SESSION_set_ex_data? Thanks Rich and Michael. That was it, I was under the impression that these set functions would behave like those i2d function that would put the actual data inside... as I don't want to deal with the deallocation later (as I am modifying apache's mod_ssl). This seems to work as I can immediately read it back (before I couldn't) with get_ex_data. Do I still need to call SSL_set_session to put the updated session back in the SSL? According to the documentation: "If there is already a session set inside ssl (because it was set with SSL_set_session() before or because the same ssl was already used for a connection), SSL_SESSION_free() will be called for that session."
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
