Contract of d2i_SSL_SESSION ?
Jesper Pedersen
jesper.pedersen at redhat.com
Thu Dec 16 08:58:37 UTC 2021
Hi,

I have a use-case where I need to reuse the SSL session in another
process than the one that created it. So, it looks like

Process 1:

* Create SSL_CTX
* Create SSL
* Use SSL
* i2d_SSL_SESSION into shared memory [1] -- this works
* Free SSL (no SSL_shutdown as I need socket descriptor as well)
* Transfer socket descriptor to parent process

Process 2:

* Create SSL_CTX
* Create SSL
* Attach SSL_SESSION through d2i_SSL_SESSION [2]
* Associate the socket descriptor (as its number may have changed)
* Call SSL_connect (same result as SSL_set_connect_state +
  SSL_do_handshake)

After the SSL_connect call SSL_pending [3] will show 19 0-bytes in the
buffer, which leads to

    AFTER CONNECT: 19
    00000000000000000000000000000000000000
    ???????????????????
    SSL_ERROR_SSL: FD 15
    error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
    SSL routines
    unexpected message

so I must be missing something in the contract of d2i_SSL_SESSION.

The SSL session cache is SSL_SESS_CACHE_CLIENT |
SSL_SESS_CACHE_NO_INTERNAL_STORE.

Using OpenSSL 1.1.1l

[1] https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634#diff-b0ad697326050bb80fb89068786852d7b974e1f648103fe382acea69097fd152R3446
[2] https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634#diff-b0ad697326050bb80fb89068786852d7b974e1f648103fe382acea69097fd152R5857
[3] https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634#diff-b0ad697326050bb80fb89068786852d7b974e1f648103fe382acea69097fd152R5899

Full patch:
https://github.com/jesperpedersen/pgagroal/commit/05f6c65bf95b932faf3fb583d484100d83211634

Upstream project: https://github.com/agroal/pgagroal

Thanks in advance for questions, suggestions, hints or comments on the
current code!

Best regards,
Jesper