[openssl-users] Example on SSL_SESSION_set_ex_data?

Michael Wojcik Michael.Wojcik at microfocus.com
Wed Aug 24 22:21:05 UTC 2016


(Top-posting because Outlook still can't handle HTML email correctly.)

Unless I'm missing something, you're using the OpenSSL functions correctly - though I admit I just looked at them here and didn't check the documentation or my own use of them. Perhaps you're not using C correctly.

We can't tell what the storage class of "b" is, because we don't have context. Is it static or automatic? If it's automatic, then as soon as it goes out of scope, bang - the pointer you've stored is invalid.

The pointer you store should be to an object of static or dynamic storage class. Static doesn't generally make sense, unless your sessions need to be associated with one of a handful of objects that don't change after creation. More typically you'd use a dynamic object. For example:

                static const BLAH blah0 = {0};
                BLAH *bp = malloc(sizeof *bp);
                if (! bp) { error handling }
                *bp = blah0;
                bp->b = 12345;
                ...
                SSL_SESSION_set_ex_data(session, my_data_idx, bp);

If you're using C++, of course, you'd want to create an object instance using operator new, rather than calling malloc. But the principle remains the same - don't use a pointer to an object which will be invalidated when it goes out of scope.

Michael Wojcik
Distinguished Engineer, Micro Focus


From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Eric To
Sent: Wednesday, August 24, 2016 15:50
To: openssl-users at openssl.org
Subject: [openssl-users] Example on SSL_SESSION_set_ex_data?

Can someone give an example on how to use the SSL_SESSION_set_ex_data?
I'm trying to set custom information in apache mod_ssl and after trying many different ways, but can't get it to stick...

struct st_blah_t {
  int blah;
} BLAH;

my_data_idx = SSL_SESSION_get_ex_new_index(0, "BLAH", NULL, NULL, NULL);

BLAH b;
b.blah = 12345;

SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_set_ex_data(session, my_data_idx, &b);
SSL_set_session(ssl, sess);

Am I using the functions right?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160824/128698e9/attachment.html>


More information about the openssl-users mailing list