SSL_SESSION_set1_ticket ?

Viktor Dukhovni openssl-users at
Mon Apr 1 23:31:57 UTC 2019

> On Apr 1, 2019, at 10:01 AM, Jeremy Harris <jgh at> wrote:
> Thanks for the explanation.  Next, serialise/deseralise
> of the session is failing.  Test code:
>  {
>  SSL_SESSION * ss = SSL_get_session(ssl);
>  uschar * sess_asn1;
>  int len;
>  len = i2d_SSL_SESSION(ss, &sess_asn1);

This is incorrect use of the api.  You need to provide a NULL
buffer, obtain the length, then call again, after allocating
a buffer of the requisite size.  Here's an example from the
DANE code in Postfix (likely similar code already in Exim):

        len = i2d_X509(cert, NULL);
        buf2 = buf = (unsigned char *) mymalloc(len);
        i2d_X509(cert, &buf2);

Note that i2d updates its second argument to point to the end of
the buffer just written, which supports append operations, but
means you also need a pointer to the original buffer, hence
the "buf2 = buf = ...".  The serialized data is sandwiched
between "buf" (start) and "buf2" (end).


More information about the openssl-users mailing list