Contract of d2i_SSL_SESSION ?

Hi,

I have a use-case where I need to reuse the SSL session in another process that created it. So, it looks like

Process 1:
 * Create SSL_CTX
 * Create SSL
 * Use SSL
 * i2d_SSL_SESSION into shared memory [1] -- this works
 * Free SSL (no SSL_shutdown as I need socket descriptor as well)
 * Transfer socket descriptor to parent process

Process 2:
 * Create SSL_CTX
 * Create SSL
 * Attach SSL_SESSION through d2i_SSL_SESSION [2]
 * Associate the socket descriptor (as its number may have changed)
 * Call SSL_connect (same result as SSL_set_connect_state + SSL_do_handshake)

After the SSL_connect call SSL_pending [3] will show 19 0-bytes in the buffer which leads to

AFTER CONNECT: 19
00000000000000000000000000000000000000
???????????????????
SSL_ERROR_SSL: FD 15
error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
SSL routines
unexpected message

so I must be missing something in the contract of d2i_SSL_SESSION.

The SSL session cache is SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE.

Using OpenSSL 1.1.1l

[1] https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634#diff-b0ad697326050bb80fb89068786852d7b974e1f648103fe382acea69097fd152R3446
[2] https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634#diff-b0ad697326050bb80fb89068786852d7b974e1f648103fe382acea69097fd152R5857
[3] https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634#diff-b0ad697326050bb80fb89068786852d7b974e1f648103fe382acea69097fd152R5899

Full patch: https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634

Upstream project: https://github.com/agroal/pgagroal

Thanks in advance for questions, suggestions, hints or comments on the current code!

Best regards,
 Jesper



