Getting SSL_SESSION remaining lifetime

Jaya Muthiah jeevhi at
Thu Sep 16 02:41:44 UTC 2021

I am trying to get the remaining lifetime of the ticket so that server can
decide to renew ticket or not

I have defined callback like this, and it is working. However, the
SSL_SESSION_get_ticket_lifetime_hint() always returns zero.

SSL_CTX_set_session_ticket_cb(ctx->ctx, ticket_gen_cb, ticket_dec_cb, NULL);

SSL_TICKET_RETURN ticket_dec_cb(SSL *s, SSL_SESSION *ss, const unsigned
char *keyname, size_t keyname_len, SSL_TICKET_STATUS status, void *arg) {
        SSL_TICKET_RETURN res;
int lifetime = 0;

        switch (status) {
                case SSL_TICKET_EMPTY:
                case SSL_TICKET_NO_DECRYPT:
                        res = SSL_TICKET_RETURN_IGNORE_RENEW;

                case SSL_TICKET_SUCCESS:
                        //get_session_ticket_appdata(ssl, ssl_session);
                        res = SSL_TICKET_RETURN_USE;

                case SSL_TICKET_SUCCESS_RENEW:
                        lifetime = SSL_SESSION_get_ticket_lifetime_hint(ss);
                        //res = SSL_TICKET_RETURN_USE_RENEW; // generate
new ticket
                        res = SSL_TICKET_RETURN_USE; // reuse old

                        res = SSL_TICKET_RETURN_IGNORE;

        return res;

Is this the right way? Can someone help please?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list