Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

On 21/10/2021 09:48, Paramashivaiah, Sunil wrote:
Hi All,

Please let me know how I can replace the below 1.0.2 code to 3.0:

    SSL_SESSION data;
    SSL_SESSION *ret=NULL;

    data.ssl_version = sessVersion;
    data.session_id_length= sessIdLen;

    memcpy(data.session_id, sessId,  sessIdLen);

    CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

    ret= (SSL_SESSION *)lh_retrieve((_LHASH *)sslCtx->sessions, &data);

    CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);


I don't think this is currently possible (at least not easily).

There is no way to access the session hash lock at the moment. There *is* a way to get hold of the session hash itself using SSL_CTX_sessions(). That's not particularly useful, because without access to the lock you would have to do your own locking to ensure that no libssl functions were being called by other threads at the same time as the retrieval from the hash.

Also we don't expose the function lh_SSL_SESSION_retrieve() which is what we use internally for retrieving out of the session hash (this is actually possibly a bug) - although you could use the type-generic OPENSSL_LH_retrieve function (lh_retrieve in your code above is just a macro for OPENSSL_LH_retrieve in 3.0).

If your objective is simply to determine whether such a hash entry exists or not then you could instead use SSL_has_matching_session_id():
https://www.openssl.org/docs/man3.0/man3/SSL_has_matching_session_id.html

Matt