Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?
On Thu, May 26, 2016, at 14:52, Matt Caswell wrote:
> > One of the modules maintains the server-side SSL session cache,
> > comprised of SSL_SESSION objects. For debugging purposes, there's a
> > tool to dump out the sessions in the cache. I had initially used
> > SSL_SESSION_print() for this dump utility, but that prints out more of
> > the session data (e.g. the master key) than I'd wanted. Thus I ended up
> > writing my own code for printing out the fields of the SSL_SESSION which
> > I thought would be of interest -- including the protocol version of the
> > SSL_SESSION.
>
> That sounds fairly reasonable. I suggest raising a github pull request
> to add the accessor (or just an issue if you prefer).

Done; see:

  https://github.com/openssl/openssl/pull/1135

Thanks,
TJ
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?
On Thu, May 26, 2016 at 09:58:09PM +, Viktor Dukhovni wrote:

> The following should work:
>
>     const char *get_session_protocol(SSL_CTX *ctx, SSL_SESSION *session)
>     {
>         const char *protocol;
>         SSL *ssl;
>         SSL_CTX *tmp_ctx = NULL;
>
>         /* Typically you'd pass in a suitable non-NULL ctx */
>         if (ctx == NULL)
>             ctx = tmp_ctx = SSL_CTX_new(TLS_method());
>
>         ssl = SSL_new(ctx);
>         SSL_set_session(ssl, session);
>         protocol = SSL_get_version(ssl);
>
>         SSL_free(ssl);
>         SSL_CTX_free(tmp_ctx);
>
>         return protocol;
>     }

But it does not, sorry about that. The session version is not
directly copied to the SSL object.

--
    Viktor.

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?
On Thu, May 26, 2016 at 10:45:54PM +0100, Matt Caswell wrote:

> > Using OpenSSL-1.0.x, I currently use:
> >
> >   ssl_version = sess->ssl_version;
> >
> > However, I don't see an equivalent accessor in the 1.1.x APIs. Have I
> > missed something, or does such a thing not exist yet?
>
> I don't think such a thing exists at the moment. Out of interest why do
> you need it?

The following should work:

    const char *get_session_protocol(SSL_CTX *ctx, SSL_SESSION *session)
    {
        const char *protocol;
        SSL *ssl;
        SSL_CTX *tmp_ctx = NULL;

        /* Typically you'd pass in a suitable non-NULL ctx */
        if (ctx == NULL)
            ctx = tmp_ctx = SSL_CTX_new(TLS_method());

        ssl = SSL_new(ctx);
        SSL_set_session(ssl, session);
        protocol = SSL_get_version(ssl);

        SSL_free(ssl);
        SSL_CTX_free(tmp_ctx);

        return protocol;
    }

--
    Viktor.

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?
On 26/05/16 22:48, TJ Saunders wrote:
>
>>> I'm currently working on updating proftpd and its various modules to
>>> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is
>>> to determine the SSL protocol version, given an SSL_SESSION pointer.
>>>
>>> Using OpenSSL-1.0.x, I currently use:
>>>
>>>   ssl_version = sess->ssl_version;
>>>
>>> However, I don't see an equivalent accessor in the 1.1.x APIs. Have I
>>> missed something, or does such a thing not exist yet?
>>
>> I don't think such a thing exists at the moment. Out of interest why do
>> you need it?
>
> One of the modules maintains the server-side SSL session cache,
> comprised of SSL_SESSION objects. For debugging purposes, there's a
> tool to dump out the sessions in the cache. I had initially used
> SSL_SESSION_print() for this dump utility, but that prints out more of
> the session data (e.g. the master key) than I'd wanted. Thus I ended up
> writing my own code for printing out the fields of the SSL_SESSION which
> I thought would be of interest -- including the protocol version of the
> SSL_SESSION.

That sounds fairly reasonable. I suggest raising a github pull request
to add the accessor (or just an issue if you prefer).

Matt

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?
> > I'm currently working on updating proftpd and its various modules to
> > work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is
> > to determine the SSL protocol version, given an SSL_SESSION pointer.
> >
> > Using OpenSSL-1.0.x, I currently use:
> >
> >   ssl_version = sess->ssl_version;
> >
> > However, I don't see an equivalent accessor in the 1.1.x APIs. Have I
> > missed something, or does such a thing not exist yet?
>
> I don't think such a thing exists at the moment. Out of interest why do
> you need it?

One of the modules maintains the server-side SSL session cache,
comprised of SSL_SESSION objects. For debugging purposes, there's a
tool to dump out the sessions in the cache. I had initially used
SSL_SESSION_print() for this dump utility, but that prints out more of
the session data (e.g. the master key) than I'd wanted. Thus I ended up
writing my own code for printing out the fields of the SSL_SESSION which
I thought would be of interest -- including the protocol version of the
SSL_SESSION.

Cheers,
TJ

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?
On 26/05/16 22:27, TJ Saunders wrote:
>
> I'm currently working on updating proftpd and its various modules to
> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is
> to determine the SSL protocol version, given an SSL_SESSION pointer.
>
> Using OpenSSL-1.0.x, I currently use:
>
>   ssl_version = sess->ssl_version;
>
> However, I don't see an equivalent accessor in the 1.1.x APIs. Have I
> missed something, or does such a thing not exist yet?

I don't think such a thing exists at the moment. Out of interest why do
you need it?

Matt