On Tue, Mar 31, 2015 at 11:21:02PM +0530, Sahib Jakhar wrote:

> 1. On the client side, even though saving of session using
> PEM_ASN1_write_bio works,

Why are you using PEM_ASN1_write_bio()? Serialize sessions using
i2d_SSL_SESSION(), and then save the resulting octet string (not
NUL terminated C string). If you're saving multiple sessions,
you'll need some sort of suitable key/value store that supports
"binary" (byte array with length) values.

Why are client sessions persisted to disk? If you must write to
disk, make sure the disk file storing the session data is not
world-readable.

Do you really need a server-side session cache? Or will session
tickets suffice? If you do need one, something other than a
random-access database will perform very poorly, you need an LMDB
or SQLite store for a disk-based key-value server-side cache.
Something with fast lookups by session id.

> reading it again using PEM_ASN1_read_bio
> always returns NULL pointer for SSL_SESSION.

Why are you using PEM_ASN1_read_bio()? Read back the byte array
and deserialize using d2i_SSL_SESSION().

--
Viktor.
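
The storage side of the advice above, as an added example that is not part of the original message: the serialized session is kept as a byte array with an explicit length in a file that only its owner can read. The names `session_blob_save` and `session_blob_load` are hypothetical, one session per file is assumed, and the caller is assumed to produce the bytes with i2d_SSL_SESSION() and pass the loaded bytes to d2i_SSL_SESSION().

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Save len bytes (assumed: i2d_SSL_SESSION() output) to an owner-only file. */
int session_blob_save(const char *path, const unsigned char *der, size_t len)
{
    size_t off = 0;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* A pre-existing file keeps its old mode, so force 0600 explicitly. */
    int ok = fchmod(fd, 0600) == 0;
    while (ok && off < len) {
        ssize_t n = write(fd, der + off, len - off);
        if (n > 0) off += (size_t)n; else ok = 0;
    }
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Load the blob to hand to d2i_SSL_SESSION(). Length comes from fstat(), never
 * strlen(): DER contains 0x00 bytes. Refuses anything that is not a regular
 * file owned by us with no group/other access. Caller frees *out. */
int session_blob_load(const char *path, unsigned char **out, size_t *len)
{
    struct stat st;
    unsigned char *buf = NULL;
    size_t off = 0, want = 0;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid() &&
        (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 && st.st_size > 0) {
        want = (size_t)st.st_size;
        buf = malloc(want);
    }
    while (buf != NULL && off < want) {
        ssize_t n = read(fd, buf + off, want - off);
        if (n <= 0) break;
        off += (size_t)n;
    }
    close(fd);
    if (buf == NULL || off != want) {
        free(buf);
        return -1;
    }
    *out = buf;
    *len = want;
    return 0;
}
```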