On 16/12/2021 11:23, Jesper Pedersen wrote:
Hi Matt,
On 12/16/21 06:16, Matt Caswell wrote:
After the SSL_connect call SSL_pending [3] will show 19 0-bytes in
the buffer which leads to
AFTER CONNECT: 19
00000000000000000000000000000000000000
???????????????????
SSL_ERROR_SSL: FD 15
error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
SSL routines
unexpected message
so I must be missing something in the contract of d2i_SSL_SESSION.
The SSL session cache is SSL_SESS_CACHE_CLIENT |
SSL_SESS_CACHE_NO_INTERNAL_STORE.
It's not 100% clear to me what you are trying to achieve or what you
expected to happen - but it sounds like you are trying to transfer an
active SSL connection from one process to another. This capability is
not supported although it has been asked for from time to time.
All SSL_SESSION allows you to do is to *resume* a session based on an
old connection, i.e. a new connection is created based on parameters
negotiated from an old connection.
Yes, it is basically a resume I'm looking for - as the SSL_SESSION won't
be active in "Process 1" after i2d_SSL_SESSION; the process dies.
So, if it's a resume you are attempting to achieve, it's unclear to me what
you wrote about transferring the socket descriptor to the parent
process. Since a resumption is effectively creating a new connection it
is normally on a completely new fd.
Matt
"Process 2" is just another process since there is a new client that
triggers the fork(), but "Process 2" uses all the state that was created
by "Process 1" - obtained from shared memory.
Best regards,
Jesper