Getting SSL_SESSION remaining lifetime
Jaya Muthiah
jeevhi at gmail.com
Thu Sep 16 02:41:44 UTC 2021
I am trying to get the remaining lifetime of the ticket so that server can
decide to renew ticket or not
I have defined callback like this, and it is working. However, the
SSL_SESSION_get_ticket_lifetime_hint() always returns zero.
SSL_CTX_set_session_ticket_cb(ctx->ctx, ticket_gen_cb, ticket_dec_cb, NULL);
SSL_TICKET_RETURN ticket_dec_cb(SSL *s, SSL_SESSION *ss, const unsigned
char *keyname, size_t keyname_len, SSL_TICKET_STATUS status, void *arg) {
SSL_TICKET_RETURN res;
int lifetime = 0;
switch (status) {
case SSL_TICKET_EMPTY:
case SSL_TICKET_NO_DECRYPT:
res = SSL_TICKET_RETURN_IGNORE_RENEW;
break;
case SSL_TICKET_SUCCESS:
//get_session_ticket_appdata(ssl, ssl_session);
res = SSL_TICKET_RETURN_USE;
break;
case SSL_TICKET_SUCCESS_RENEW:
lifetime = SSL_SESSION_get_ticket_lifetime_hint(ss);
//res = SSL_TICKET_RETURN_USE_RENEW; // generate
new ticket
res = SSL_TICKET_RETURN_USE; // reuse old
break;
default:
res = SSL_TICKET_RETURN_IGNORE;
}
return res;
}
Is this the right way? Can someone help please?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210916/0c426260/attachment-0001.html>
More information about the openssl-users
mailing list