Re: [openssl-users] Example on SSL_SESSION_set_ex_data?
Sorry, I missed that call to SSL_set_session.

No, you don't need to call SSL_set_session. SSL_get_session is a get0-type function; it just returns a copy of the pointer in the SSL object. So any changes you make to that SSL_SESSION object are to the one that's already in the SSL object.

Calling SSL_set_session with the same session that's already in the SSL should be OK, because the code increments the reference count on the SSL_SESSION before calling SSL_SESSION_free - and so the free will just decrement the count again. But it doesn't do anything useful. (SSL_set_session could do a reference comparison on the existing and new sessions and return without doing anything if they're the same, but there's probably little real-world value in adding such an optimization.)

The code's in ssl/ssl_sess.c (at least for 1.0.2), if you want to have a look for yourself. It's quite straightforward, which is not *always* the case with OpenSSL.

Michael Wojcik
Distinguished Engineer, Micro Focus

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Eric To
Sent: Thursday, August 25, 2016 09:29
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

Thanks Rich and Michael. That was it, I was under the impression that these set functions would behave like those i2d function that would put the actual data inside... as I don't want to deal with the deallocation later (as I am modifying apache's mod_ssl). This seems to work as I can immediately read it back (before I couldn't) with get_ex_data.

Do I still need to call SSL_set_session to put the updated session back in the SSL? According to the documentation:

"If there is already a session set inside ssl (because it was set with SSL_set_session() before or because the same ssl was already used for a connection), SSL_SESSION_free() will be called for that session."

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Example on SSL_SESSION_set_ex_data?
Thanks Rich and Michael. That was it, I was under the impression that these set functions would behave like those i2d function that would put the actual data inside... as I don't want to deal with the deallocation later (as I am modifying apache's mod_ssl). This seems to work as I can immediately read it back (before I couldn't) with get_ex_data.

Do I still need to call SSL_set_session to put the updated session back in the SSL? According to the documentation:

"If there is already a session set inside ssl (because it was set with SSL_set_session() before or because the same ssl was already used for a connection), SSL_SESSION_free() will be called for that session."

> >     BLAH b;
> >     b.blah = 12345;
> >
> >     SSL_SESSION *session = SSL_get_session(ssl);
> >     SSL_SESSION_set_ex_data(session, my_data_idx, );
> >     SSL_set_session(ssl, sess);
>
> Is "b" a stack variable? You should malloc it.
>
> --
> Senior Architect, Akamai Technologies
> IM: richs...@jabber.at Twitter: RichSalz
>
> --
>
> (Top-posting because Outlook still can't handle HTML email correctly.)
>
> Unless I'm missing something, you're using the OpenSSL functions correctly
> - though I admit I just looked at them here and didn't check the
> documentation or my own use of them. Perhaps you're not using C correctly.
>
> We can't tell what the storage class of "b" is, because we don't have
> context. Is it static or automatic? If it's automatic, then as soon as it
> goes out of scope, bang - the pointer you've stored is invalid.
>
> The pointer you store should be to an object of static or dynamic storage
> class. Static doesn't generally make sense, unless your sessions need to be
> associated with one of a handful of objects that don't change after
> creation. More typically you'd use a dynamic object. For example:
>
>     static const BLAH blah0 = {0};
>     BLAH *bp = malloc(sizeof *bp);
>     if (! bp) { error handling }
>     *bp = blah0;
>     bp->b = 12345;
>     ...
>     SSL_SESSION_set_ex_data(session, my_data_idx, bp);
>
> If you're using C++, of course, you'd want to create an object instance
> using operator new, rather than calling malloc. But the principle remains
> the same - don't use a pointer to an object which will be invalidated when
> it goes out of scope.
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
Re: [openssl-users] Example on SSL_SESSION_set_ex_data?
(Top-posting because Outlook still can't handle HTML email correctly.)

Unless I'm missing something, you're using the OpenSSL functions correctly - though I admit I just looked at them here and didn't check the documentation or my own use of them. Perhaps you're not using C correctly.

We can't tell what the storage class of "b" is, because we don't have context. Is it static or automatic? If it's automatic, then as soon as it goes out of scope, bang - the pointer you've stored is invalid.

The pointer you store should be to an object of static or dynamic storage class. Static doesn't generally make sense, unless your sessions need to be associated with one of a handful of objects that don't change after creation. More typically you'd use a dynamic object. For example:

    static const BLAH blah0 = {0};
    BLAH *bp = malloc(sizeof *bp);
    if (! bp) { error handling }
    *bp = blah0;
    bp->b = 12345;
    ...
    SSL_SESSION_set_ex_data(session, my_data_idx, bp);

If you're using C++, of course, you'd want to create an object instance using operator new, rather than calling malloc. But the principle remains the same - don't use a pointer to an object which will be invalidated when it goes out of scope.

Michael Wojcik
Distinguished Engineer, Micro Focus

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Eric To
Sent: Wednesday, August 24, 2016 15:50
To: openssl-users@openssl.org
Subject: [openssl-users] Example on SSL_SESSION_set_ex_data?

Can someone give an example on how to use the SSL_SESSION_set_ex_data? I'm trying to set custom information in apache mod_ssl and after trying many different ways, but can't get it to stick...

    struct st_blah_t { int blah; } BLAH;

    my_data_idx = SSL_SESSION_get_ex_new_index(0, "BLAH", NULL, NULL, NULL);

    BLAH b;
    b.blah = 12345;

    SSL_SESSION *session = SSL_get_session(ssl);
    SSL_SESSION_set_ex_data(session, my_data_idx, );
    SSL_set_session(ssl, sess);

Am I using the functions right?
Re: [openssl-users] Example on SSL_SESSION_set_ex_data?
>     BLAH b;
>     b.blah = 12345;
>
>     SSL_SESSION *session = SSL_get_session(ssl);
>     SSL_SESSION_set_ex_data(session, my_data_idx, );
>     SSL_set_session(ssl, sess);

Is "b" a stack variable? You should malloc it.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz