Hi!
We have a client program that uses an external session database for session
caching. We have found a bug in client-side session caching, or actually a
missing functionality.
After decoding a stored session using the d2i function, the cipher parameter of
the SSL_SESSION structure is zero. On the server side the cipher field is filled
from cipher_id in the ssl_sess.c function ssl_get_prev_session (this function
is used only on the server side). In OpenSSL 0.9.6b the relevant code looks
like this:
    if (ret->cipher == NULL)
        {
        unsigned char buf[5],*p;
        unsigned long l;

        p=buf;
        l=ret->cipher_id;
        l2n(l,p);
        if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
            ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
        else
            ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
        if (ret->cipher == NULL)
            goto err;
        }
But there is no function to do it on the client side.
arne
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
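
The lookup described in the message above, as a stand-alone added example (not code from the post or from OpenSSL): it resolves a decoded session's cipher from cipher_id and rejects the session when the id is unknown. The struct names, the cipher table and session_restore_cipher() are hypothetical stand-ins for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSL3_VERSION_MAJOR 0x03

/* Hypothetical stand-ins for SSL_CIPHER and SSL_SESSION (not OpenSSL's types). */
struct cipher { unsigned char wire[3]; size_t len; const char *name; };
struct session { int ssl_version; unsigned long cipher_id; const struct cipher *cipher; };

/* Constructed sample table: the cipher bytes as they appear on the wire. */
static const struct cipher table[] = {
    { {0x00, 0x04},       2, "RC4-MD5" },
    { {0x00, 0x0A},       2, "DES-CBC3-SHA" },
    { {0x01, 0x00, 0x80}, 3, "RC4-MD5 (SSLv2)" },
};

/* Fill in s->cipher from s->cipher_id. Returns 0 on success, -1 if the id is
 * unknown, in which case the cached session must not be offered for resumption. */
int session_restore_cipher(struct session *s)
{
    unsigned char buf[4];
    const unsigned char *p;
    size_t len, i;

    if (s->cipher != NULL)
        return 0;
    /* Big-endian packing, the same byte order l2n() produces. */
    buf[0] = (unsigned char)(s->cipher_id >> 24);
    buf[1] = (unsigned char)(s->cipher_id >> 16);
    buf[2] = (unsigned char)(s->cipher_id >> 8);
    buf[3] = (unsigned char)(s->cipher_id);
    /* SSLv3/TLS ciphers are 2 bytes on the wire, SSLv2 ciphers are 3 bytes. */
    if ((s->ssl_version >> 8) == SSL3_VERSION_MAJOR) { p = &buf[2]; len = 2; }
    else                                             { p = &buf[1]; len = 3; }
    for (i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        if (table[i].len == len && memcmp(table[i].wire, p, len) == 0) {
            s->cipher = &table[i];
            return 0;
        }
    }
    return -1;
}

int main(void)
{
    struct session s = { 0x0301, 0x03000004UL, NULL };  /* constructed session */
    if (session_restore_cipher(&s) != 0) return 1;
    printf("%s\n", s.cipher->name);
    return 0;
}
```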