[openssl-users] Example on SSL_SESSION_set_ex_data?

Eric To totszwai at gmail.com
Thu Aug 25 13:29:06 UTC 2016


Thanks Rich and Michael.

That was it, I was under the impression that these set functions would
behave like those i2d functions that would put the actual data inside... as
I don't want to deal with the deallocation later (as I am modifying
Apache's mod_ssl). This seems to work as I can immediately read it back
(before I couldn't) with get_ex_data.


Do I still need to call SSL_set_session to put the updated session back in
the SSL?
According to the documentation:
"If there is already a session set inside ssl (because it was set with
SSL_set_session() before or because the same ssl was already used for a
connection), SSL_SESSION_free() will be called for that session."





> > BLAH b;
> > b.blah = 12345;
> >
> > SSL_SESSION *session = SSL_get_session(ssl);
> > SSL_SESSION_set_ex_data(session, my_data_idx, &b);
> > SSL_set_session(ssl, session);
>
> Is "b" a stack variable?  You should malloc it.
>
> --
> Senior Architect, Akamai Technologies
> IM: richsalz at jabber.at Twitter: RichSalz
>
> ------------------------------
>
>
> (Top-posting because Outlook still can't handle HTML email correctly.)
>
> Unless I'm missing something, you're using the OpenSSL functions correctly
> - though I admit I just looked at them here and didn't check the
> documentation or my own use of them. Perhaps you're not using C correctly.
>
> We can't tell what the storage class of "b" is, because we don't have
> context. Is it static or automatic? If it's automatic, then as soon as it
> goes out of scope, bang - the pointer you've stored is invalid.
>
> The pointer you store should be to an object of static or dynamic storage
> class. Static doesn't generally make sense, unless your sessions need to be
> associated with one of a handful of objects that don't change after
> creation. More typically you'd use a dynamic object. For example:
>
>                 static const BLAH blah0 = {0};
>                 BLAH *bp = malloc(sizeof *bp);
>                 if (! bp) { /* error handling */ }
>                 *bp = blah0;
>                 bp->blah = 12345;
>                 ...
>                 SSL_SESSION_set_ex_data(session, my_data_idx, bp);
>
> If you're using C++, of course, you'd want to create an object instance
> using operator new, rather than calling malloc. But the principle remains
> the same - don't use a pointer to an object which will be invalidated when
> it goes out of scope.
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>