[openssl-users] Openssl session resumption issue
Sahib Jakhar
sahib.jakhar at gmail.com
Tue Mar 31 17:51:02 UTC 2015
Hi,
I am trying to implement session resumption on a client/server model
using disk-based session caching. I am facing a couple of problems:
1. On the client side, even though saving of session using
PEM_ASN1_write_bio works, reading it again using PEM_ASN1_read_bio
always returns NULL pointer for SSL_SESSION. So reading doesn't work.
2. On the server side, even saving of session doesn't work and
PEM_ASN1_write_bio simply crashes, for some unknown reason, even
though the code for client and server is almost the same.
I am reproducing the code below, can somebody help me out as to what I
am doing wrong? Please forgive me if I am making some naive mistake.
Any other comments/observation will be helpful, as I am doing this the
first time.
/*
 * Shared read/write helper for the on-disk session cache.
 *
 * Opens and locks session_save_path, wraps the descriptor in a BIO and then
 * either writes (is_write != 0) or reads (is_write == 0) one PEM-encoded
 * SSL_SESSION. Parts of the body are elided in the posting ("....." and
 * "{ ... }"), so declarations and the error paths are not visible here.
 *
 * io_data is used in two different ways:
 *   - write: it is cast to (char *) and passed as the object to serialize,
 *     i.e. it is the SSL_SESSION pointer itself;
 *   - read:  it is cast to (char **) and passed as the output slot, i.e. it
 *     is the address of an SSL_SESSION pointer.
 *
 * NOTE(review): the serialized session carries the keying material needed to
 * resume the connection, so the cache file should be created with owner-only
 * permissions. The PEM layer protects it with a key derived from cachepass by
 * the legacy PEM scheme (MD5-based, single iteration) and 3DES; treat that as
 * weak protection and do not rely on it alone.
 */
static int bl_openssl_io_encrypted_from_file (char
*session_save_path, int is_write, void *io_data)
{
.....
/* Write lock for saving, read lock for loading. */
fd = bl_openssl_open_and_lock_file (session_save_path,
is_write ? F_WRLCK : F_RDLCK);
if (IS_FILE_HANDLE_INVALID(fd))
{ ... }
/* BIO_NOCLOSE: the BIO does not own fd; it is closed explicitly below. */
if (!(bp = BL_BIO_new_fd (fd, is_write ? _O_WRONLY :
_O_RDONLY, BIO_NOCLOSE)))
{ ... }
if (is_write)
{
/* The cipher object is passed directly, so no lookup by name is needed. */
enc = EVP_des_ede3_cbc ();
/* kstr/klen are NULL/0 and the callback is NULL, so cachepass (last
 * argument) is taken as a NUL-terminated passphrase.
 * NOTE(review): the return value is discarded; a failed write is
 * indistinguishable from success for the caller. */
PEM_ASN1_write_bio ((int (*)())i2d_SSL_SESSION,
PEM_STRING_SSL_SESSION, bp, (char *)io_data, enc, NULL, 0, NULL,
cachepass);
}
else
{
/* NOTE(review): the return value is discarded here too, so a decode or
 * decrypt failure only shows up as a NULL session in the caller. Checking
 * the result and dumping the OpenSSL error queue (ERR_print_errors_fp)
 * would show why the read fails.
 * NOTE(review): decrypting looks the cipher up by the name stored in the
 * PEM header; confirm the cipher table is registered at start-up
 * (OpenSSL_add_all_algorithms), otherwise reading fails while writing
 * still works. */
PEM_ASN1_read_bio ((char *(*)())d2i_SSL_SESSION,
PEM_STRING_SSL_SESSION, bp, (char **)io_data, NULL, cachepass);
}
BIO_flush (bp);
BIO_free (bp);
bl_openssl_close_and_unlock_file (fd);
/* NOTE(review): ret is set to 0 unconditionally once this point is reached,
 * regardless of what the PEM calls above returned. */
ret = 0;
CLEANUP_CODE_AND_RETURN
}
/*
 * Read one cached session from session_save_path.
 *
 * Returns the decoded SSL_SESSION, or NULL when nothing was decoded. When ref
 * is non-NULL it receives the status code returned by
 * bl_openssl_io_encrypted_from_file(); callers passing NULL for ref only have
 * the NULL/non-NULL return value to go on.
 */
static SSL_SESSION *bl_openssl_read_encrypted_session_from_file (char *session_save_path, int *ref)
{
    SSL_SESSION *loaded = NULL;
    /* Mode 0 selects the read path; the helper fills `loaded` through its address. */
    int status = bl_openssl_io_encrypted_from_file (session_save_path, 0, &loaded);

    if (ref != NULL) {
        *ref = status;
    }
    return loaded;
}
/*
 * Write sess to session_save_path through the shared I/O helper (mode 1 =
 * write). The helper's status code is returned unchanged.
 */
static int bl_openssl_write_encrypted_session_to_file (char *session_save_path, SSL_SESSION *sess)
{
    return bl_openssl_io_encrypted_from_file (session_save_path, 1, sess);
}
/*
 * Client side: load a previously saved session for the server described by
 * bi. The code that derives filePath is elided in the posting.
 *
 * Reported symptom: this always returns NULL.
 */
SSL_SESSION *bl_openssl_client_load_session_information (server_info* bi)
{
....
/* NULL is passed for the status out-parameter, so the helper's error code is
 * dropped and a NULL return is the only failure signal available here. */
return bl_openssl_read_encrypted_session_from_file (filePath, NULL);
}
/*
 * Client side: save sess for the server described by bi. The code that
 * derives filePath is elided in the posting.
 *
 * Reported status: this works.
 */
void bl_openssl_client_save_session_information (server_info* bi,
SSL_SESSION *sess)
{
....
/* NOTE(review): the status returned by the write helper is ignored, so a
 * failed save goes unnoticed. */
bl_openssl_write_encrypted_session_to_file (filePath, sess);
}
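/*
 * Server-side "new session" callback. Used as
 *     SSL_CTX_sess_set_new_cb (c, bl_openssl_new_session_cb);
 *
 * Reported symptom: this function crashes (inside PEM_ASN1_write_bio,
 * according to the posting).
 *
 * Serializes the freshly negotiated session to a file whose name is derived
 * from the session id.
 *
 * Return value: OpenSSL treats a non-zero return as "the callback kept the
 * session reference" and 0 as "not kept, release it". Nothing is retained
 * here (the session is only written out), so the callback always returns 0.
 * Passing the write helper's status through would report any non-zero error
 * code as "kept" and leave the session reference unreleased.
 *
 * The first parameter is the SSL connection handle despite being named ctx;
 * it is unused.
 */
int bl_openssl_new_session_cb (SSL *ctx, SSL_SESSION *session)
{
    char *session_save_path;

    if (session == NULL) {
        return 0;
    }

    /* Direct member access requires the SSL_SESSION layout to be visible;
     * SSL_SESSION_get_id() is the accessor to use where it is opaque. */
    session_save_path = bl_openssl_get_server_session_file_path
        (session->session_id, session->session_id_length);

    /* Do not hand a NULL path to the file helper.
     * NOTE(review): ownership of session_save_path is not visible here;
     * confirm whether the caller is expected to free it. */
    if (session_save_path != NULL) {
        /* Best effort: a failed write only means this session cannot be
         * resumed later; it must not change the ownership answer below. */
        (void) bl_openssl_write_encrypted_session_to_file
            (session_save_path, session);
    }

    return 0;
}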
/*
 * Server-side lookup of a cached session. Used as
 *     SSL_CTX_sess_set_get_cb (c, bl_openssl_get_session_cb);
 *
 * id/len is the session id the peer offered for resumption, so it is
 * untrusted input that ends up in a file name.
 * NOTE(review): bl_openssl_get_server_session_file_path() is not shown;
 * confirm it encodes the raw bytes (e.g. as hex) into a fixed directory so
 * that no byte value can influence the path.
 *
 * ref is OpenSSL's "copy" flag. The read helper stores its status code there;
 * presumably 0 on success, which tells OpenSSL not to take an extra reference
 * on the returned object - confirm against the helper's error values.
 */
SSL_SESSION *bl_openssl_get_session_cb (SSL *ctx, unsigned char *id, int len, int *ref)
{
    char *cache_file = bl_openssl_get_server_session_file_path (id, len);

    return bl_openssl_read_encrypted_session_from_file (cache_file, ref);
}
Thanks,
Sahib