SSL_SESSION_set1_ticket ?

Viktor Dukhovni openssl-users at
Tue Apr 2 14:26:46 UTC 2019

On Tue, Apr 02, 2019 at 10:54:43AM +0100, Jeremy Harris wrote:

> > This is incorrect use of the API.  You need to provide a NULL
> > buffer, obtain the length, then call again, after allocating
> > a buffer of the requisite size.
> Thanks (again).  Perhaps a note of this in the manpage
> would be good?  And any other i2d_* pages?

The 1.1.0 (and later) documentation reads:

    These functions decode and encode an SSL_SESSION object. For
    encoding details see d2i_X509(3).

which leads to:

    i2d_TYPE() encodes the structure pointed to by a into DER format.
    If ppout is not NULL, it writes the DER encoded data to the
    buffer at *ppout, and increments it to point after the data
    just written. If the return value is negative an error occurred,
    otherwise it returns the length of the encoded data.

    If *ppout is NULL memory will be allocated for a buffer and the
    encoded data written to it. In this case *ppout is not incremented
    and it points to the start of the data just written.

The "1.0.2" version (after running the word-wrapped HTML code
example through "indent") reads:

    When using i2d_SSL_SESSION(), the memory location pointed to
    by pp must be large enough to hold the binary representation
    of the session. There is no known limit on the size of the
    created ASN1 representation, so the necessary amount of space
    should be obtained by first calling i2d_SSL_SESSION() with
    pp=NULL, and obtain the size needed, then allocate the memory
    and call i2d_SSL_SESSION() again. Note that this will advance
    the value contained in *pp so it is necessary to save a copy
    of the original allocation. For example:

	int		i, j;
	char	       *p, *temp;

	i = i2d_SSL_SESSION(sess, NULL);
	p = temp = malloc(i);
	j = i2d_SSL_SESSION(sess, &temp);
	assert(i == j);
	assert(p + i == temp);
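
Added example, not part of the original message and not OpenSSL code: both calling patterns quoted above, exercised against a self-contained stand-in so the pointer handling can be run without linking libssl. `i2d_demo`, `encode_two_pass` and `encode_alloc` are hypothetical names; the stand-in encodes a short byte string as a DER OCTET STRING and only mimics the documented i2d_TYPE() convention.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in following the quoted i2d_TYPE() convention; NOT an
 * OpenSSL function. Encodes up to 127 bytes as a DER OCTET STRING (tag 0x04). */
static int i2d_demo(const unsigned char *data, int n, unsigned char **ppout)
{
    int len = 2 + n;
    unsigned char *p;
    if (data == NULL || n < 0 || n > 127)
        return -1;                      /* negative return: error */
    if (ppout == NULL)
        return len;                     /* length query only, nothing written */
    if (*ppout == NULL) {               /* 1.1.0+ text: allocate for the caller */
        if ((p = malloc((size_t)len)) == NULL)
            return -1;
        *ppout = p;                     /* left pointing at the START of the data */
    } else {
        p = *ppout;
        *ppout += len;                  /* caller's pointer advanced PAST the data */
    }
    p[0] = 0x04;
    p[1] = (unsigned char)n;
    memcpy(p + 2, data, (size_t)n);
    return len;
}

/* Two-pass pattern from the 1.0.2 text: query the size, allocate, encode via
 * a temporary so the original allocation is still known. Caller frees *out. */
static int encode_two_pass(const unsigned char *data, int n, unsigned char **out)
{
    unsigned char *buf, *tmp;
    int len = i2d_demo(data, n, NULL);
    if (len < 0 || (buf = tmp = malloc((size_t)len)) == NULL)
        return -1;
    if (i2d_demo(data, n, &tmp) != len || tmp != buf + len) {
        free(buf);
        return -1;
    }
    *out = buf;                         /* buf, not tmp: tmp now points past the end */
    return len;
}

/* Allocating pattern from the 1.1.0+ text: start from a NULL pointer. */
static int encode_alloc(const unsigned char *data, int n, unsigned char **out)
{
    *out = NULL;
    return i2d_demo(data, n, out);
}
```

With the real i2d functions, a buffer that the library allocated because `*ppout` was NULL is released with `OPENSSL_free()` rather than `free()`.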

