<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 14, 2017 at 3:43 AM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span class="gmail-"><br>
<br>
On 14/06/17 01:38, Salz, Rich via openssl-users wrote:<br>
> It’s disabled by default.  Servers that want to use server-side session<br>
> caching have to call an API to turn it on<br>
<br>
</span>Err, no, that's not correct. Server side caching is on by default.<br>
Client side caching is off by default.<br></blockquote><div><br></div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000">I am quoting a line from the Network Security with OpenSSL book (O'Reilly Media):</font></div><div><font color="#ff0000"><br></font></div>
                <div><font color="#ff0000"><span style="font-size:11pt;font-family:TimesNewRoman">"All sessions must have a session ID context. For the server, session caching is disabled by default
unless a call to </span><span style="font-size:10pt;font-family:CourierNewPSMT">SSL_CTX_set_session_id_context </span><span style="font-size:11pt;font-family:TimesNewRoman">is made."</span></font></div><div><span style="font-size:11pt;font-family:TimesNewRoman"><font color="#ff0000"><br></font></span></div><div><span style="font-size:11pt;font-family:TimesNewRoman"><font color="#ff0000">That's why I thought server side session caching is disabled by default.</font></span></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
<br>
On 14/06/17 02:03, Neetish Pathak wrote:<br>
> Thanks for your reply Salz. However, I want to know should the session<br>
> caching be enabled on server side for TLS 1.3 for session resumption.<br>
<br>
</span>It should just work by default for TLSv1.3. You don't need to enable<br>
anything.<br></blockquote><div> </div><div><font color="#ff0000">Yes, it worked for previous TLS versions, so everything was in line. But with TLS 1.3 I was not observing the same behavior; that's why my question was for TLS 1.3. </font></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
> Also, I need a clarification on how does resumption work in case of<br>
> session identifiers if server side caching is not enabled<br>
<br>
</span>As noted above server side caching is on by default.<br></blockquote><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
On 14/06/17 02:33, Neetish Pathak wrote:<br>
> I need some suggestions on how I can implement session resumption in TLS<br>
> 1.3. I have implemented the resumption on the client side using a<br>
> callback as recommended on the TLS 1.3<br>
> blog <a href="https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/" rel="noreferrer" target="_blank">https://www.openssl.org/blog/<wbr>blog/2017/05/04/tlsv1.3/</a><br>
> <<a href="https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/" rel="noreferrer" target="_blank">https://www.openssl.org/blog/<wbr>blog/2017/05/04/tlsv1.3/</a>> . Still, the<br>
> session resumption is not working. I know this because my new_session_cb<br>
> which I have set using SSL_CTX_sess_set_new_cb is never getting invoked<br>
> and also I don't see any improvement in connection time.<br>
><br>
> The same implementation when I change the max TLS version to TLS1.2<br>
> works and session resumption works as desired.<br>
> I am not sure how I can resolve this.<br>
><br>
> As mentioned on the blog post<br>
><br>
> "In TLSv1.3 sessions are not established until after the main handshake<br>
> has completed. The server sends a separate post-handshake message to the<br>
> client containing the session details. Typically this will happen soon<br>
> after the handshake has completed, but it could be sometime later (or<br>
> not at all)."<br>
><br>
> I think the server is not informing the session details to client at all<br>
> in my case and hence the resumption is not working. Can someone please<br>
> suggest how to resolve this<br>
<br>
</span>Just to be clear: you are using OpenSSL on both the server and client<br>
sides right? If you are using something other than OpenSSL on the server<br>
then the policy might be different around when the session information<br>
is sent to the client (i.e. it could happen sometime later, or not at<br>
all). If you are using OpenSSL on the server then it sends its session<br>
information immediately after the main handshake has completed, so that<br>
should not be a problem.<br>
<br>
So if I understand you correctly the client is successfully creating a<br>
TLSv1.3 connection, but the client side new session callback is never<br>
being invoked? Did you call SSL_CTX_sess_set_new_cb() before or after<br>
the SSL object itself was created? Are you able to share any code for<br>
how you have done this?<br></blockquote><div><br></div><div><br></div><div><br></div><div><font color="#ff0000">Yes, I am using OpenSSL on both the server and client sides and my implementation works for TLS 1.2.  </font></div><div><font color="#ff0000">Yes, you understood correctly: the client is creating a connection but the new session callback is not getting invoked.</font></div><div><font color="#ff0000">I have called SSL_CTX_sess_set_new_cb before the SSL object is created.</font></div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000">Yes, sure, the following is a snippet from my client-side implementation. I have highlighted the relevant section for the new session callback registration.</font></div><div><br></div><div><br></div><div><br></div><div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span style="color:rgb(147,26,104)"><b>static</b></span> <span style="color:rgb(147,26,104)"><b>int</b></span> <b>new_session_cb</b>(SSL* ssl, SSL_SESSION * sess){</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">       </span>BIO *stmp = BIO_new_file(SESS_OUT,<span style="color:rgb(57,51,255)">"w"</span>);</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">       </span><span style="color:rgb(147,26,104)"><b>if</b></span>(stmp == NULL){</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">           </span>BIO_printf(bio_err,</span>"Error writing session file %s\n"<span style="color:rgb(0,0,0)">,SESS_OUT);</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">  </span>}</span><b>else</b><span style="color:rgb(0,0,0)">{</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">           </span>fprintf(stderr,</span>"Session getting set\n"<span style="color:rgb(0,0,0)">);</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">               </span>PEM_write_bio_SSL_SESSION(stmp,sess);</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">               </span>BIO_free(stmp);</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">               </span>resumeInput = TRUE;</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">       </span>}</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">  </span></span><b>return</b><span style="color:rgb(0,0,0)"> 0;</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span style="color:rgb(147,26,104)"><b>int</b></span> <b>SocketClient::connectToServer</b>(){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">  </span></span>/*Initialization</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">     </span> ** (1)Register SSL/TLS ciphers and digests</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">       </span> ** (2)Load OpenSSL error strings*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>init_OpenSSL();</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span></span>/*Creating a new SSL context object*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">      </span><span style="color:rgb(3,38,204)">ssl_ctx</span> = SSL_CTX_new(TLS_client_method());</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span"
style="white-space:pre">      </span>SSL_CTX_set_max_proto_version(<span style="color:rgb(3,38,204)">ssl_ctx</span>, MAX_TLS_VERSION);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>SSL_CTX_set_min_proto_version(<span style="color:rgb(3,38,204)">ssl_ctx</span>, MIN_TLS_VERSION);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><span style="color:rgb(147,26,104)"><b>if</b></span>(NULL == <span style="color:rgb(3,38,204)">ssl_ctx</span>){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">             </span>fail(</span>"SocketClient.cpp : ssl_ctx object creation failed"<span style="color:rgb(0,0,0)">); perror(</span>""<span style="color:rgb(0,0,0)">);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span>}</span><b>else</b><span style="color:rgb(0,0,0)">{</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">          </span>pass(</span>"SocketClient.cpp : <span style="text-decoration:underline">ssl</span> Context created successfully"<span style="color:rgb(0,0,0)">);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p 
style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(3,38,204)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span></span><b style="background-color:rgb(255,255,0)"><span style="color:rgb(147,26,104)">if</span><span style="color:rgb(0,0,0)">(</span>ssl_ctx<span style="color:rgb(0,0,0)">){</span></b></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><b style="background-color:rgb(255,255,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">              </span>SSL_CTX_set_session_cache_mode(<span style="color:rgb(3,38,204)">ssl_ctx</span>, SSL_SESS_CACHE_CLIENT</b></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><b style="background-color:rgb(255,255,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">                                                                                       </span>| SSL_SESS_CACHE_NO_INTERNAL_STORE);</b></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><b style="background-color:rgb(255,255,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">               </span>SSL_CTX_sess_set_new_cb(<span style="color:rgb(3,38,204)">ssl_ctx</span>, new_session_cb);</b></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><b style="background-color:rgb(255,255,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">   </span>}</b></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">        </span></span><b>return</b><span style="color:rgb(0,0,0)"> 0;</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">
</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">}</p><div><br></div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">int <b>SocketClient::sslTcpConnect</b>(){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span></span><span style="background-color:rgb(255,255,0)">/*Attaching the SSL connection to the Socket*/</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span style="background-color:rgb(255,255,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span><span style="color:rgb(147,26,104)"><b>if</b></span>((<span style="color:rgb(147,26,104)"><b>this</b></span>-><span style="color:rgb(3,38,204)">conn</span> = SSL_new(<span style="color:rgb(3,38,204)">ssl_ctx</span>)) == NULL){</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="background-color:rgb(255,255,0)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">            </span>perror(</span>"SocketClient.cpp : create new SSL failed "<span style="color:rgb(0,0,0)">);</span></span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span style="background-color:rgb(255,255,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">              </span>exit(1);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span style="background-color:rgb(255,255,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">     </span>}</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p 
style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">     </span></span>/*Try to resume session*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span style="color:rgb(147,26,104)"><b>#if</b></span> SESS_RESUME</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">         </span><span style="color:rgb(147,26,104)"><b>if</b></span>(resumeInput){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                    </span>SSL_SESSION *sess;</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                      </span>BIO *stmp = BIO_new_file(SESS_OUT, <span style="color:rgb(57,51,255)">"r"</span>);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                      </span><span style="color:rgb(147,26,104)"><b>if</b></span> (!stmp) {</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                                </span>BIO_printf(bio_err, <span style="color:rgb(57,51,255)">"Can't open session file %s\n"</span>, SESS_OUT);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                            </span>ERR_print_errors(bio_err);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                    
  </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                       </span>sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                   </span>BIO_free(stmp);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                 </span><span style="color:rgb(147,26,104)"><b>if</b></span> (!sess) {</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                                </span>BIO_printf(bio_err, <span style="color:rgb(57,51,255)">"Can't open session file %s\n"</span>, SESS_OUT);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                            </span>ERR_print_errors(bio_err);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                      </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                       </span><span style="color:rgb(147,26,104)"><b>if</b></span> (!SSL_set_session(<span style="color:rgb(147,26,104)"><b>this</b></span>-><span style="color:rgb(3,38,204)">conn</span>, sess)) {</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                             </span>BIO_printf(bio_err, <span style="color:rgb(57,51,255)">"Can't set session\n"</span>);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span 
class="gmail-Apple-tab-span" style="white-space:pre">                               </span>ERR_print_errors(bio_err);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                      </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">                       </span>SSL_SESSION_free(sess);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">                    </span></span>/*if(FALSE == TLSv1_3){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">                              </span>if(this->sessionId != NULL){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">                                   </span>SSL_set_session(this-><span style="text-decoration:underline">conn</span>, this->sessionId);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">                                  </span>SSL_SESSION_free(this->sessionId);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">                             </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">                 </span>}*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" 
style="white-space:pre">             </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">          </span></span>/*Another way of resumption*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">              </span><span style="color:rgb(78,144,114)">/*</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">               </span>if(this->sessionId != NULL){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">                   </span>SSL_set_session(this-><span style="text-decoration:underline">conn</span>, this->sessionId);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">                  </span>SSL_SESSION_free(this->sessionId);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">             </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span class="gmail-Apple-tab-span" style="white-space:pre">         </span>*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><b>#endif</b></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span 
style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span></span>/****Establish TCP connection****/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span></span>/*Setting up BIO*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><span style="color:rgb(3,38,204)">bio</span> = BIO_new_connect((<span style="color:rgb(147,26,104)"><b>this</b></span>-><span style="color:rgb(3,38,204)">serverName</span> + <span style="color:rgb(57,51,255)">":"</span> + <span style="color:rgb(147,26,104)"><b>this</b></span>-><span style="color:rgb(3,38,204)">portNumber</span>).c_str());</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">        </span><span style="color:rgb(147,26,104)"><b>if</b></span>(!<span style="color:rgb(3,38,204)">bio</span>)</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">         </span>int_error(</span>"Error creating connection BIO"<span style="color:rgb(0,0,0)">);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">  </span><span style="color:rgb(147,26,104)"><b>if</b></span>(BIO_do_connect(<span style="color:rgb(3,38,204)">bio</span>) <= 0){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">         
</span>fail(</span>"SocketClient.cpp : TCP connection failed"<span style="color:rgb(0,0,0)">);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">       </span>}</span><b>else</b><span style="color:rgb(0,0,0)">{</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">          </span>pass(</span>"SocketClient.cpp : TCP connection successful"<span style="color:rgb(0,0,0)">);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">        </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">  </span></span>/*set the file descriptor socket-<span style="text-decoration:underline">fd</span> as the input/output facility for the TLS/SSL*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span>SSL_set_bio(<span style="color:rgb(3,38,204)">conn</span>, <span style="color:rgb(3,38,204)">bio</span>, <span style="color:rgb(3,38,204)">bio</span>);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;min-height:17px"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">  </span></span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><span 
style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">      </span></span>/*Perform the SSL handshake*/</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">      </span><span style="color:rgb(147,26,104)"><b>if</b></span>(SSL_connect(<span style="color:rgb(3,38,204)">conn</span>) != 1){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">              </span>fail(</span>"SocketClient.cpp : SSL connect failed"<span style="color:rgb(0,0,0)">); perror(</span>""<span style="color:rgb(0,0,0)">);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">             </span>ERR_print_errors_fp(stderr);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">            </span>SSL_clear(<span style="color:rgb(3,38,204)">conn</span>);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">         </span>exit(1);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">   </span>}</span><b>else</b><span style="color:rgb(0,0,0)">{</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(3,38,204)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">           </span></span><span style="color:rgb(147,26,104)"><b>this</b></span><span style="color:rgb(0,0,0)">-></span>isConnected<span style="color:rgb(0,0,0)"> = </span><span 
style="color:rgb(147,26,104)"><b>true</b></span><span style="color:rgb(0,0,0)">;</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">               </span>pass(</span>"SocketClient.cpp : SSL_connect successful"<span style="color:rgb(0,0,0)">);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">   </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">       </span><span style="white-space:pre">     </span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">        </span><span style="color:rgb(147,26,104)"><b>return</b></span> 0;</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">
</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">}</p><div><br></div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span style="color:rgb(147,26,104)"><b>int</b></span> <b>SocketClient::sslTcpClosure</b>(){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">      </span><span style="color:rgb(147,26,104)"><b>if</b></span> (<span style="color:rgb(147,26,104)"><b>this</b></span>-><span style="color:rgb(3,38,204)">conn</span>){</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">              </span>SSL_shutdown(<span style="color:rgb(147,26,104)"><b>this</b></span>-><span style="color:rgb(3,38,204)">conn</span>);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">  </span></span><b>if</b><span style="color:rgb(0,0,0)">(</span><b>this</b><span style="color:rgb(0,0,0)">-></span><span style="color:rgb(3,38,204)">bio</span><span style="color:rgb(0,0,0)">)</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><span class="gmail-Apple-tab-span" style="white-space:pre">          </span>BIO_free(<span style="color:rgb(147,26,104)"><b>this</b></span>-><span style="color:rgb(3,38,204)">bio</span>);</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(147,26,104)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><b>return</b><span style="color:rgb(0,0,0)"> 0;</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">
</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">}</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">My calling sequence is :</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">client.connectToServer();</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">client.sslTcpConnect();</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">
</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">client.sslTcpClosure();</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><br></p></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div class="gmail-HOEnZb"><div class="gmail-h5"><br>
Matt<br>
<br>
</div></div></blockquote><div><br></div><div><br></div><div>Thanks</div><div>BR,</div><div>Neetish </div></div><br></div></div>