Update information as a partial response to the post

  From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!

1 files changed, 6 insertions, 0 deletions

diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod
index a0266e2ac6..8547faa58b 100644
--- a/doc/ssl/SSL_get_session.pod
+++ b/doc/ssl/SSL_get_session.pod
@@ -40,6 +40,12 @@ If the data is to be kept, SSL_get1_session() will increment the reference
 count and the session will stay in memory until explicitly freed with
 L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
 
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
 =head1 RETURN VALUES
 
 The following return values can occur: