Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0
Matt Caswell
matt at openssl.org
Thu Oct 21 09:47:11 UTC 2021
On 21/10/2021 09:48, Paramashivaiah, Sunil wrote:
> Hi All,
>
> Please let me know how I can replace the below 1.0.2 code to 3.0
>
> * SSL_SESSION data;*
>
> * SSL_SESSION *ret=NULL;*
>
> **
>
> * data.ssl_version = sessVersion;*
>
> * data.session_id_length= sessIdLen;*
>
> **
>
> * memcpy(data.session_id, sessId, sessIdLen);*
>
> * CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);*
>
> **
>
> * ret= (SSL_SESSION *)lh_retrieve((_LHASH *)sslCtx->sessions, &data);*
>
> **
>
> * CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);*
>
I don't think this is currently possible (at least not easily).
There is no way to access the session hash lock at the moment. There
*is* a way to get hold of the session hash itself using
SSL_CTX_sessions(). That's not particularly useful, because without
access to the lock you would have to do your own locking to ensure that
no libssl functions were being called by other threads at the same time
as the retrieval from the hash.
Also we don't expose the function lh_SSL_SESSION_retrieve() which is
what we use internally for retrieving out of the session hash (this is
actually possibly a bug) - although you could use the type generic
OPENSSL_LH_retrieve function (lh_retrieve in your code above is just a
macro for OPENSSL_LH_retrieve in 3.0)
If your objective is simply to determine whether such a hash entry
exists or not then you could instead use SSL_has_matching_session_id():
https://www.openssl.org/docs/man3.0/man3/SSL_has_matching_session_id.html
Matt
More information about the openssl-users
mailing list