On Sun, Feb 04, 2001 at 07:30:27PM +0100, Gil Peeters wrote:
> > On Sun, Feb 04, 2001 at 06:12:39PM +0100, Gil Peeters wrote:
> > > After calling SSL_shutdown() is it still necessary to close the underlying
> > > socket associated with the SSL Connection?
> >
> > SSL_shutdown() will only send the close-alert to the peer and switch the
> > setting of the SSL to "shutdown mode".
> > It does not touch the underlying connection, so: yes, you have to close the
> > underlying socket connection yourself.
>
> So closing the socket will not hurt. Will this be a problem if I want to re-use
> the session??? i.e. will closing the underlying socket cause problems when
> re-using the session info.

No. The network/socket layer does not affect the session handling, but
see below.

> > > Is it also necessary to free() the SSL struct returned from SSL_new() or is that
> > > done somewhere in the shutdown?
> > Once you have called SSL_shutdown(), you can either free the SSL object
> > via SSL_free() (call SSL_new() to obtain a new one later) or call
> > SSL_clear() to reset the SSL object and make it ready for a new connection.
>
> I notice in the code for SSL_free that the SSL_SESSION is also freed. (call to
> SSL_SESSION_free). Will the SSL_SESSION still be 'cached' because I told the
> SSL_CTX to cache client sessions?

The session in question should have a reference count of two, because it
is used two times. Once it is used in the SSL object, once it is contained
in the cache. SSL_SESSION_free() will only reduce the reference count once,
as the SSL object will be deleted. This leaves one reference count for
the session still being in the cache.

But: just before the SSL_SESSION_free() there is a

    ssl_clear_bad_session(s);

When the session was not successfully closed (if you reverse engineer the
source you will easily find what I mean) by either calling SSL_shutdown()
or SSL_set_shutdown() for the SSL before SSL_free(), the session will be
considered faulty and will be removed from the cache, so that after the
SSL_free() it will be finally gone.

I am currently writing the manual pages for the session caching but this
is one of the things that I have to add in the next days.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
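
The reference counting and cache eviction described in the reply above, as a simplified stand-alone C model. This is an added example, not OpenSSL source and not code from this thread; every model_* name, the one-slot cache and session_survives() are assumptions made for illustration, and only the "shutdown was sent" condition named in the reply is modelled.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, NOT OpenSSL source; all model_* names are hypothetical. */
typedef struct { int refs; } model_session;
typedef struct { model_session *cached; } model_ctx;   /* one-slot cache */
typedef struct { model_ctx *ctx; model_session *session; int sent_shutdown; } model_ssl;

/* Drop one reference; returns the count left (0 means destroyed). */
static int model_session_free(model_session *s) {
    int left = --s->refs;
    if (left == 0) free(s);
    return left;
}

/* Handshake done: the SSL object and the cache each hold one reference. */
static model_ssl *model_connect(model_ctx *ctx) {
    model_ssl *ssl = calloc(1, sizeof *ssl);
    model_session *s = calloc(1, sizeof *s);
    if (!ssl || !s) abort();
    s->refs = 2; ssl->ctx = ctx; ssl->session = s; ctx->cached = s;
    return ssl;
}

/* Models SSL_free(): bad-session check, then drop the SSL's reference. */
static int model_ssl_free(model_ssl *ssl) {
    model_session *s = ssl->session;
    if (!ssl->sent_shutdown && ssl->ctx->cached == s) {
        ssl->ctx->cached = NULL;   /* considered faulty: evicted from cache */
        model_session_free(s);     /* the cache's reference */
    }
    int left = model_session_free(s);   /* the SSL object's reference */
    free(ssl);
    return left;
}

/* One connection; returns 1 if the session is still cached after the free. */
int session_survives(int call_shutdown, int *refs_left) {
    model_ctx ctx = { NULL };
    model_ssl *ssl = model_connect(&ctx);
    if (call_shutdown) ssl->sent_shutdown = 1;   /* models SSL_shutdown() */
    *refs_left = model_ssl_free(ssl);
    int cached = ctx.cached != NULL;
    if (cached) model_session_free(ctx.cached);  /* tear down the cache */
    return cached;
}

int main(void) {
    int r1, r0, k1 = session_survives(1, &r1), k0 = session_survives(0, &r0);
    printf("shutdown: cached=%d refs=%d; no shutdown: cached=%d refs=%d\n", k1, r1, k0, r0);
    return 0;
}
```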