https://issues.apache.org/bugzilla/show_bug.cgi?id=56324
--- Comment #6 from Dennis Clarke <[email protected]> --- A bit of followup. I run httpd in forground and in a debugger and then query for a webpage which is actually a cgi script that fetches SSL_SESSION_ID and I see this with a breakpoint inside ssl_engine_vars.c at line 356 : Reading libmd_psr.so.1 (dbx) t@27 (l@27) stopped in ssl_var_lookup_ssl at line 356 in file "ssl_engine_vars.c" 356 result = "Initial"; (dbx) print sslconn sslconn = 0x10030c368 (dbx) print sslconn sslconn = 0x10030c368 (dbx) print *sslconn *sslconn = { ssl = 0x10032dac0 client_dn = (nil) client_cert = (nil) shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD verify_info = (nil) verify_error = (nil) verify_depth = 1 is_proxy = 0 disabled = 0 non_ssl_request = NON_SSL_OK reneg_state = RENEG_REJECT server = 0x100242018 } (dbx) print var var = 0xffffffff71141944 "SESSION_RESUMED" This makes sense given my breakpoint. What truely is of interest to me is if we have a valid session identifier or not. (dbx) print SSL_SESSION_ID_STRING_LEN SSL_SESSION_ID_STRING_LEN = 66 (dbx) print SSL_get_session(ssl) SSL_get_session(ssl) = 0x10032d4b0 (dbx) x 0x10032d4b0 / 64 x 0x000000010032d4b0: 0x0000 0x0303 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x000000010032d4c0: 0x0000 0x0030 0xf085 0xf49e 0x4744 0xb570 0xac8c 0x9eff 0x000000010032d4d0: 0x9126 0xc226 0x82fc 0xd10e 0xfbc4 0x5161 0x0e32 0x1466 0x000000010032d4e0: 0x41fc 0x5ff0 0x9ea3 0x56c3 0xb5e2 0x8f80 0xd31c 0xd1a7 0x000000010032d4f0: 0x99b3 0x02e2 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x000000010032d500: 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x000000010032d510: 0x0000 0x0000 0x0000 0x0000 0x0000 0x0020 0x3734 0x6538 0x000000010032d520: 0x6262 0x6435 0x6266 0x3162 0x3863 0x3739 0x3965 0x6539 (dbx) This last bit looks like an error on my part and I may need to write a bit of hackary into ssl_engine_vars.c at line 356 wherein we know we have an initial session. There I can perhaps use id = pSession->session_id; idlen = pSession->session_id_length; To see what session identifier should be. The RFCs are not entirely clear on the need for SSL_SESSION_ID and I must check this further. However the initial client hello in the SSL handshake does return a session identifier when tested with openssl client. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
