Contract of d2i_SSL_SESSION ?
Jesper Pedersen
jesper.pedersen at redhat.com
Thu Dec 16 11:23:11 UTC 2021
Hi Matt,
On 12/16/21 06:16, Matt Caswell wrote:
>> After the SSL_connect call SSL_pending [3] will show 19 0-bytes in the
>> buffer which leads to
>>
>> AFTER CONNECT: 19
>> 00000000000000000000000000000000000000
>> ???????????????????
>> SSL_ERROR_SSL: FD 15
>> error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
>> SSL routines
>> unexpected message
>>
>> so I must be missing something in the contract of d2i_SSL_SESSION.
>>
>> The SSL session cache is SSL_SESS_CACHE_CLIENT |
>> SSL_SESS_CACHE_NO_INTERNAL_STORE.
>
>
> It's not 100% clear to me what you are trying to achieve or what you
> expected to happen - but it sounds like you are trying to transfer an
> active SSL connection from one process to another. This capability is
> not supported although it has been asked for from time to time.
>
> All SSL_SESSION allows you to do is to *resume* a session based on an
> old connection, i.e. a new connection is created based on parameters
> negotiated from an old connection.
>
Yes, it is basically a resume I'm looking for - as the SSL_SESSION won't
be active in "Process 1" after i2d_SSL_SESSION; the process dies.
"Process 2" is just another process since there is a new client that
triggers the fork(), but "Process 2" uses all the state that was created
by "Process 1" - obtained from shared memory.
Best regards,
Jesper