[openssl-dev] SSL transfer connection (SSL_dup, SSL_up_ref, SSL_free)
Benjamin Kaduk
bkaduk at akamai.com
Tue Apr 26 15:42:41 UTC 2016
On 04/25/2016 10:18 PM, Alex Hultman wrote:
> Hi Benjamin,
>
> Thanks for the answer. I actually found a working solution just a
> couple of minutes after I posted but I still wanted to hear what you
> recommended. I just did ssl->references++; and also the same on the
> attached BIO's before SSL_set_fd. This works perfectly and I'm able to
> take over the SSL connection even after the original
And now you have a subtle threading bug that will only manifest under
load -- do not mix ordinary increments (references++) with locked or
otherwise atomic operations (CRYPTO_add).
> server "destroys" their socket.
>
> I guess I just need to use SSL_up_ref when compiling for OpenSSL 1.1.0
> then.
>
You'll need to switch APIs for 1.1.0, yes.
-Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160426/f37a5d9a/attachment.html>
More information about the openssl-dev
mailing list