Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

2016-08-25 Thread Michael Wojcik
Sorry, I missed that call to SSL_set_session. No, you don't need to call 
SSL_set_session. SSL_get_session is a get0-type function; it just returns a 
copy of the pointer in the SSL object. So any changes you make to that 
SSL_SESSION object are to the one that's already in the SSL object.

Calling SSL_set_session with the same session that's already in the SSL should 
be OK, because the code increments the reference count on the SSL_SESSION 
before calling SSL_SESSION_free - and so the free will just decrement the count 
again. But it doesn't do anything useful.

(SSL_set_session could do a reference comparison on the existing and new 
sessions and return without doing anything if they're the same, but there's 
probably little real-world value in adding such an optimization.)

The code's in ssl/ssl_sess.c (at least for 1.0.2), if you want to have a look 
for yourself. It's quite straightforward, which is not *always* the case with 
OpenSSL.

Michael Wojcik
Distinguished Engineer, Micro Focus



From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Eric To
Sent: Thursday, August 25, 2016 09:29
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

Thanks Rich and Michael.

That was it, I was under the impression that these set functions would behave 
like those i2d functions that would put the actual data inside... as I don't 
want to deal with the deallocation later (as I am modifying Apache's mod_ssl). 
This seems to work as I can immediately read it back (before I couldn't) with 
get_ex_data.


Do I still need to call SSL_set_session to put the updated session back in the 
SSL?
According to the documentation:
"If there is already a session set inside ssl (because it was set with 
SSL_set_session() before or because the same ssl was already used for a 
connection), SSL_SESSION_free() will be called for that session."


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

2016-08-25 Thread Eric To
Thanks Rich and Michael.

That was it, I was under the impression that these set functions would
behave like those i2d functions that would put the actual data inside... as
I don't want to deal with the deallocation later (as I am modifying
Apache's mod_ssl). This seems to work as I can immediately read it back
(before I couldn't) with get_ex_data.


Do I still need to call SSL_set_session to put the updated session back in
the SSL?
According to the documentation:
"If there is already a session set inside ssl (because it was set with
SSL_set_session() before or because the same ssl was already used for a
connection), SSL_SESSION_free() will be called for that session."





> > BLAH b;
> > b.blah = 12345;
> >
> > SSL_SESSION *session = SSL_get_session(ssl);
> > SSL_SESSION_set_ex_data(session, my_data_idx, &b);
> > SSL_set_session(ssl, session);
>
> Is "b" a stack variable?  You should malloc it.
>
> --
> Senior Architect, Akamai Technologies
> IM: richs...@jabber.at Twitter: RichSalz
>
> --
>
>
> (Top-posting because Outlook still can't handle HTML email correctly.)
>
> Unless I'm missing something, you're using the OpenSSL functions correctly
> - though I admit I just looked at them here and didn't check the
> documentation or my own use of them. Perhaps you're not using C correctly.
>
> We can't tell what the storage class of "b" is, because we don't have
> context. Is it static or automatic? If it's automatic, then as soon as it
> goes out of scope, bang - the pointer you've stored is invalid.
>
> The pointer you store should be to an object of static or dynamic storage
> class. Static doesn't generally make sense, unless your sessions need to be
> associated with one of a handful of objects that don't change after
> creation. More typically you'd use a dynamic object. For example:
>
> static const BLAH blah0 = {0};
> BLAH *bp = malloc(sizeof *bp);
> if (! bp) { /* error handling */ }
> *bp = blah0;
> bp->blah = 12345;
> ...
> SSL_SESSION_set_ex_data(session, my_data_idx, bp);
>
> If you're using C++, of course, you'd want to create an object instance
> using operator new, rather than calling malloc. But the principle remains
> the same - don't use a pointer to an object which will be invalidated when
> it goes out of scope.
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>


Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

2016-08-24 Thread Michael Wojcik
(Top-posting because Outlook still can't handle HTML email correctly.)

Unless I'm missing something, you're using the OpenSSL functions correctly - 
though I admit I just looked at them here and didn't check the documentation or 
my own use of them. Perhaps you're not using C correctly.

We can't tell what the storage class of "b" is, because we don't have context. 
Is it static or automatic? If it's automatic, then as soon as it goes out of 
scope, bang - the pointer you've stored is invalid.

The pointer you store should be to an object of static or dynamic storage 
class. Static doesn't generally make sense, unless your sessions need to be 
associated with one of a handful of objects that don't change after creation. 
More typically you'd use a dynamic object. For example:

static const BLAH blah0 = {0};
BLAH *bp = malloc(sizeof *bp);
if (! bp) { /* error handling */ }
*bp = blah0;
bp->blah = 12345;
...
SSL_SESSION_set_ex_data(session, my_data_idx, bp);

If you're using C++, of course, you'd want to create an object instance using 
operator new, rather than calling malloc. But the principle remains the same - 
don't use a pointer to an object which will be invalidated when it goes out of 
scope.

Michael Wojcik
Distinguished Engineer, Micro Focus


From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Eric To
Sent: Wednesday, August 24, 2016 15:50
To: openssl-users@openssl.org
Subject: [openssl-users] Example on SSL_SESSION_set_ex_data?

Can someone give an example on how to use the SSL_SESSION_set_ex_data?
I'm trying to set custom information in Apache mod_ssl, and after trying many 
different ways I can't get it to stick...

typedef struct st_blah_t {
  int blah;
} BLAH;

my_data_idx = SSL_SESSION_get_ex_new_index(0, "BLAH", NULL, NULL, NULL);

BLAH b;
b.blah = 12345;

SSL_SESSION *session = SSL_get_session(ssl);
SSL_SESSION_set_ex_data(session, my_data_idx, &b);
SSL_set_session(ssl, session);

Am I using the functions right?




Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

2016-08-24 Thread Salz, Rich
> BLAH b;
> b.blah = 12345;
> 
> SSL_SESSION *session = SSL_get_session(ssl);
> SSL_SESSION_set_ex_data(session, my_data_idx, &b);
> SSL_set_session(ssl, session);

Is "b" a stack variable?  You should malloc it.

--  
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz