Client side session handling

Jason Schultz jetson23 at
Wed Oct 13 23:57:14 UTC 2021

OpenSSL SSL_SESSSIONS are reference-counted.  This is typical of a
number of similar sufficiently complex structures for which it makes
more sense to bump a reference counter than to make a copy.

The SSL_SESSION_free(3), X509_free(), and various other calls just
decrement the reference counter, with the object only actually freed
once the counter reaches 0.

Various functions (though not all, as documented for each function) that
return such objects to the application increment the refernce counter
(say initially from 1 to 2), and the application is then responsible for
decrementing it.  THe object is finally freed when any internal
reference is released (if that happens last).

Hi Viktor. Thanks for your reply.

I'm somewhat familiar with the reference count stuff from reading the doc on these (and other) functions. But it sounds like the behavior I'm seeing is expected, and OpenSSL is doing the actual free of the SSL_SESSION when the SSL_CTX is freed.

Is that accurate?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list