Contract of d2i_SSL_SESSION ?

Jesper Pedersen jesper.pedersen at redhat.com
Thu Dec 16 11:23:11 UTC 2021


Hi Matt,

On 12/16/21 06:16, Matt Caswell wrote:
>> After the SSL_connect call SSL_pending [3] will show 19 0-bytes in the 
>> buffer which leads to
>>
>> AFTER CONNECT: 19
>> 00000000000000000000000000000000000000
>> ???????????????????
>> SSL_ERROR_SSL: FD 15
>> error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
>> SSL routines
>> unexpected message
>>
>> so I must be missing something in the contract of d2i_SSL_SESSION.
>>
>> The SSL session cache is SSL_SESS_CACHE_CLIENT | 
>> SSL_SESS_CACHE_NO_INTERNAL_STORE.
> 
> 
> It's not 100% clear to me what you are trying to achieve or what you 
> expected to happen - but it sounds like you are trying to transfer an 
> active SSL connection from one process to another. This capability is 
> not supported although it has been asked for from time to time.
> 
> All SSL_SESSION allows you to do is to *resume* a session based on an 
> old connection, i.e. a new connection is created based on parameters 
> negotiated from an old connection.
> 

Yes, it is basically a resume I'm looking for - as the SSL_SESSION won't 
be active in "Process 1" after i2d_SSL_SESSION; the process dies.

"Process 2" is just another process since there is a new client that 
triggers the fork(), but "Process 2" uses all the state that was created 
by "Process 1" - obtained from shared memory.

Best regards,
  Jesper


