Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

2016-05-26 Thread TJ Saunders


On Thu, May 26, 2016, at 14:52, Matt Caswell wrote:

> > One of the modules maintains the server-side SSL session cache,
> > comprised of SSL_SESSION objects.  For debugging purposes, there's a
> > tool to dump out the sessions in the cache.  I had initially used
> > SSL_SESSION_print() for this dump utility, but that prints out more of
> > the session data (e.g. the master key) than I'd wanted.  Thus I ended up
> > writing my own code for printing out the fields of the SSL_SESSION which
> > I thought would be of interest -- including the protocol version of the
> > SSL_SESSION.
> 
> That sounds fairly reasonable. I suggest raising a github pull request
> to add the accessor (or just an issue if you prefer).

Done; see:

  https://github.com/openssl/openssl/pull/1135

Thanks,
TJ

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

2016-05-26 Thread Viktor Dukhovni
On Thu, May 26, 2016 at 09:58:09PM +0000, Viktor Dukhovni wrote:

> The following should work:
> 
> #include <openssl/ssl.h>
> 
> const char *get_session_protocol(SSL_CTX *ctx, SSL_SESSION *session)
> {
>     const char *protocol;
>     SSL *ssl;
>     SSL_CTX *tmp_ctx = NULL;
> 
>     /* Typically you'd pass in a suitable non-NULL ctx */
>     if (ctx == NULL)
>         ctx = tmp_ctx = SSL_CTX_new(TLS_method());
> 
>     ssl = SSL_new(ctx);
>     if (ssl == NULL) {
>         SSL_CTX_free(tmp_ctx);
>         return NULL;
>     }
>     SSL_set_session(ssl, session);
>     protocol = SSL_get_version(ssl);
> 
>     SSL_free(ssl);
>     SSL_CTX_free(tmp_ctx);
> 
>     return protocol;
> }

But it does not, sorry about that.  The session version is not
directly copied to the SSL object.

-- 
Viktor.


Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

2016-05-26 Thread Viktor Dukhovni
On Thu, May 26, 2016 at 10:45:54PM +0100, Matt Caswell wrote:

> > Using OpenSSL-1.0.x, I currently use:
> > 
> >   ssl_version = sess->ssl_version;
> > 
> > However, I don't see an equivalent accessor in the 1.1.x APIs.  Have I
> > missed something, or does such a thing not exist yet?
> 
> I don't think such a thing exists at the moment. Out of interest why do
> you need it?

The following should work:

#include <openssl/ssl.h>

const char *get_session_protocol(SSL_CTX *ctx, SSL_SESSION *session)
{
    const char *protocol;
    SSL *ssl;
    SSL_CTX *tmp_ctx = NULL;

    /* Typically you'd pass in a suitable non-NULL ctx */
    if (ctx == NULL)
        ctx = tmp_ctx = SSL_CTX_new(TLS_method());

    ssl = SSL_new(ctx);
    if (ssl == NULL) {
        SSL_CTX_free(tmp_ctx);
        return NULL;
    }
    SSL_set_session(ssl, session);
    protocol = SSL_get_version(ssl);

    SSL_free(ssl);
    SSL_CTX_free(tmp_ctx);

    return protocol;
}

-- 
Viktor.


Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

2016-05-26 Thread Matt Caswell


On 26/05/16 22:48, TJ Saunders wrote:
> 
> 
>>> I'm currently working on updating proftpd and its various modules to
>>> work with the changed APIs in OpenSSL-1.1.x.  My current obstacle(?) is
>>> to determine the SSL protocol version, given an SSL_SESSION pointer.
>>>
>>> Using OpenSSL-1.0.x, I currently use:
>>>
>>>   ssl_version = sess->ssl_version;
>>>
>>> However, I don't see an equivalent accessor in the 1.1.x APIs.  Have I
>>> missed something, or does such a thing not exist yet?
>>
>> I don't think such a thing exists at the moment. Out of interest why do
>> you need it?
> 
> One of the modules maintains the server-side SSL session cache,
> comprised of SSL_SESSION objects.  For debugging purposes, there's a
> tool to dump out the sessions in the cache.  I had initially used
> SSL_SESSION_print() for this dump utility, but that prints out more of
> the session data (e.g. the master key) than I'd wanted.  Thus I ended up
> writing my own code for printing out the fields of the SSL_SESSION which
> I thought would be of interest -- including the protocol version of the
> SSL_SESSION.

That sounds fairly reasonable. I suggest raising a github pull request
to add the accessor (or just an issue if you prefer).

Matt



Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

2016-05-26 Thread TJ Saunders


> > I'm currently working on updating proftpd and its various modules to
> > work with the changed APIs in OpenSSL-1.1.x.  My current obstacle(?) is
> > to determine the SSL protocol version, given an SSL_SESSION pointer.
> > 
> > Using OpenSSL-1.0.x, I currently use:
> > 
> >   ssl_version = sess->ssl_version;
> > 
> > However, I don't see an equivalent accessor in the 1.1.x APIs.  Have I
> > missed something, or does such a thing not exist yet?
> 
> I don't think such a thing exists at the moment. Out of interest why do
> you need it?

One of the modules maintains the server-side SSL session cache,
comprised of SSL_SESSION objects.  For debugging purposes, there's a
tool to dump out the sessions in the cache.  I had initially used
SSL_SESSION_print() for this dump utility, but that prints out more of
the session data (e.g. the master key) than I'd wanted.  Thus I ended up
writing my own code for printing out the fields of the SSL_SESSION which
I thought would be of interest -- including the protocol version of the
SSL_SESSION.

Cheers,
TJ


Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

2016-05-26 Thread Matt Caswell


On 26/05/16 22:27, TJ Saunders wrote:
> 
> I'm currently working on updating proftpd and its various modules to
> work with the changed APIs in OpenSSL-1.1.x.  My current obstacle(?) is
> to determine the SSL protocol version, given an SSL_SESSION pointer.
> 
> Using OpenSSL-1.0.x, I currently use:
> 
>   ssl_version = sess->ssl_version;
> 
> However, I don't see an equivalent accessor in the 1.1.x APIs.  Have I
> missed something, or does such a thing not exist yet?

I don't think such a thing exists at the moment. Out of interest why do
you need it?

Matt
