[openssl-users] Openssl session resumption issue

Sahib Jakhar sahib.jakhar at gmail.com
Tue Mar 31 17:51:02 UTC 2015


I am trying to implement session resumption on a client/server model
using disk based session caching. I am facing couple of problems:

1. On the client side, even though saving of session using
PEM_ASN1_write_bio works, reading it again using PEM_ASN1_read_bio
always returns NULL pointer for SSL_SESSION. So reading doesn't work.
2. On the server side, even saving of session doesn't work and
PEM_ASN1_write_bio simply crashes, for some unknown reason, even
though the code for client and server is almost the same.

I am reproducing the code below, can somebody help me out as to what I
am doing wrong? Please forgive me if I am making some naive mistake.
Any other comments/observation will be helpful, as I am doing this the
first time.

    static int bl_openssl_io_encrypted_from_file (char
*session_save_path, int is_write, void *io_data)

        fd = bl_openssl_open_and_lock_file (session_save_path,
is_write ? F_WRLCK : F_RDLCK);
        if (IS_FILE_HANDLE_INVALID(fd))
        { ... }

        if (!(bp = BL_BIO_new_fd (fd, is_write ? _O_WRONLY :
        { ... }

        if (is_write)
            enc = EVP_des_ede3_cbc ();
            PEM_ASN1_write_bio ((int (*)())i2d_SSL_SESSION,
PEM_STRING_SSL_SESSION, bp, (char *)io_data, enc, NULL, 0, NULL,
            PEM_ASN1_read_bio ((char *(*)())d2i_SSL_SESSION,
PEM_STRING_SSL_SESSION, bp, (char **)io_data, NULL, cachepass);

        BIO_flush (bp);
        BIO_free (bp);
        bl_openssl_close_and_unlock_file (fd);

        ret = 0;


    /* This function is for reading session from file.  */
    static SSL_SESSION *bl_openssl_read_encrypted_session_from_file
(char *session_save_path, int *ref)
        SSL_SESSION *sess = NULL;
        int ret;

        ret = bl_openssl_io_encrypted_from_file (session_save_path, 0, &sess);

        if (ref)
            *ref = ret;

        return sess;

    /* This function is for writing session to file. */
    static int bl_openssl_write_encrypted_session_to_file (char
*session_save_path, SSL_SESSION *sess)
        int ret = 0;

        ret = bl_openssl_io_encrypted_from_file (session_save_path, 1, sess);
        return ret;

    /* This function is for reading session from file for client. This
always returns NULL. */
    SSL_SESSION *bl_openssl_client_load_session_information (server_info* bi)

        return bl_openssl_read_encrypted_session_from_file (filePath, NULL);

    /* This function is for writing session to file for client. This works. */
    void bl_openssl_client_save_session_information (server_info* bi,

        bl_openssl_write_encrypted_session_to_file (filePath, sess);

    /* This is for server side caching. Used as
        SSL_CTX_sess_set_new_cb (c, bl_openssl_new_session_cb );
        This function crashes. */
    int bl_openssl_new_session_cb (SSL *ctx, SSL_SESSION *session)
        char *session_save_path = NULL;

        session_save_path = bl_openssl_get_server_session_file_path
(session->session_id, session->session_id_length);
        return bl_openssl_write_encrypted_session_to_file
(session_save_path, session);

    /* This is for server side retrieval of cached session. Used as,
        SSL_CTX_sess_set_get_cb (c, bl_openssl_get_session_cb); */
    SSL_SESSION *bl_openssl_get_session_cb (SSL *ctx, unsigned char
*id, int len, int *ref)
        char *session_save_path = NULL;

        session_save_path = bl_openssl_get_server_session_file_path (id, len);
        return bl_openssl_read_encrypted_session_from_file
(session_save_path, ref);


More information about the openssl-users mailing list