Contract of d2i_SSL_SESSION ?
Matt Caswell
matt at openssl.org
Thu Dec 16 11:30:36 UTC 2021
On 16/12/2021 11:23, Jesper Pedersen wrote:
> Hi Matt,
>
> On 12/16/21 06:16, Matt Caswell wrote:
>>> After the SSL_connect call SSL_pending [3] will show 19 0-bytes in
>>> the buffer which leads to
>>>
>>> AFTER CONNECT: 19
>>> 00000000000000000000000000000000000000
>>> ???????????????????
>>> SSL_ERROR_SSL: FD 15
>>> error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
>>> SSL routines
>>> unexpected message
>>>
>>> so I must be missing something in the contract of d2i_SSL_SESSION.
>>>
>>> The SSL session cache is SSL_SESS_CACHE_CLIENT |
>>> SSL_SESS_CACHE_NO_INTERNAL_STORE.
>>
>>
>> It's not 100% clear to me what you are trying to achieve or what you
>> expected to happen - but it sounds like you are trying to transfer an
>> active SSL connection from one process to another. This capability is
>> not supported although it has been asked for from time to time.
>>
>> All SSL_SESSION allows you to do is to *resume* a session based on an
>> old connection, i.e. a new connection is created based on parameters
>> negotiated from an old connection.
>>
>
> Yes, it is basically a resume I'm looking for - as the SSL_SESSION won't
> be active in "Process 1" after i2d_SSL_SESSION; the process dies.
So, if it's a resume you are attempting to achieve it's unclear to me what
you wrote about transferring the socket descriptor to the parent
process. Since a resumption is effectively creating a new connection it
is normally on a completely new fd.
Matt
>
> "Process 2" is just another process since there is a new client that
> triggers the fork(), but "Process 2" uses all the state that was created
> by "Process 1" - obtained from shared memory.
>
> Best regards,
> Jesper
>