Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

Matt Caswell matt at openssl.org
Thu Oct 21 09:47:11 UTC 2021



On 21/10/2021 09:48, Paramashivaiah, Sunil wrote:
> Hi All,
> 
>           Please let me know how I can replace the below 1.0.2 code to 3.0
> 
>     SSL_SESSION data;
>     SSL_SESSION *ret=NULL;
> 
>     data.ssl_version = sessVersion;
>     data.session_id_length= sessIdLen;
> 
>     memcpy(data.session_id, sessId,  sessIdLen);
>     CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
> 
>     ret= (SSL_SESSION *)lh_retrieve((_LHASH *)sslCtx->sessions, &data);
> 
>     CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
> 

I don't think this is currently possible (at least not easily).

There is no way to access the session hash lock at the moment. There 
*is* a way to get hold of the session hash itself using 
SSL_CTX_sessions(). That's not particularly useful, because without 
access to the lock you would have to do your own locking to ensure that 
no libssl functions were being called by other threads at the same time 
as the retrieval from the hash.

Also we don't expose the function lh_SSL_SESSION_retrieve() which is 
what we use internally for retrieving out of the session hash (this is 
actually possibly a bug) - although you could use the type-generic 
OPENSSL_LH_retrieve function (lh_retrieve in your code above is just a 
macro for OPENSSL_LH_retrieve in 3.0).

If your objective is simply to determine whether such a hash entry 
exists or not then you could instead use SSL_has_matching_session_id():
https://www.openssl.org/docs/man3.0/man3/SSL_has_matching_session_id.html

Matt


