[openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free)

[Benjamin Kaduk]

On 04/23/2016 12:26 AM, Alex Hultman wrote:
> Hi,
>
> I'm having trouble "duping" an SSL connection. I have an SSL *pointer
> that is going to be SSL_free'd, so I need to clone it or up the ref
> count or somehow make it stay alive. I see that in OpenSSL 1.1.0 it
> seems you added the SSL_up_ref - is there any equivalent functionality
> in 1.0.2? I also see that the documentation of SSL_dup has changed in
> 1.1.0 to a much more strict one (one that does not suit my needs).
>

The SSL_up_ref() on master is just a thin wrapper around
CRYPTO_atomic_add() on s->references, which is needed because the SSL
structure has become opaque.  You can do the same thing in 1.0.2 by
open-coding the corresponding call to CRYPTO_add() (master has changed
the atomics APIs as well).  That would be my recommendation in the
scenario you describe, as it allows the original consumer to SSL_free()
its handle while the second one continues to use the SSL object.

-Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160425/0c741c18/attachment.html>