diff options
| author | Lutz Jänicke <jaenicke@openssl.org> | 2001-10-12 12:29:16 +0000 |
|---|---|---|
| committer | Lutz Jänicke <jaenicke@openssl.org> | 2001-10-12 12:29:16 +0000 |
| commit | 56fa8e69cf1e742da8087de60152519127c79983 (patch) | |
| tree | aa026c22408adb0da69eecf11396115a26322396 /doc/ssl/d2i_SSL_SESSION.pod | |
| parent | 67d0738aba4988a239d57f6cd7aa36cf27df1f92 (diff) | |
Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
Subject: Implementation Issues with OpenSSL
To: openssl-users@openssl.org
Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
Diffstat (limited to 'doc/ssl/d2i_SSL_SESSION.pod')
| -rw-r--r-- | doc/ssl/d2i_SSL_SESSION.pod | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/doc/ssl/d2i_SSL_SESSION.pod b/doc/ssl/d2i_SSL_SESSION.pod index 9a1ba6c47b..0321a5a36f 100644 --- a/doc/ssl/d2i_SSL_SESSION.pod +++ b/doc/ssl/d2i_SSL_SESSION.pod @@ -30,7 +30,17 @@ session data on disk or into a database, it must be transformed into a binary ASN1 representation. When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically -allocated. +allocated. The reference count is 1, so that the session must be +explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, +unless the SSL_SESSION object is completely taken over, when being called +inside the get_session_cb() (see +L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>). + +SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object). When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be large enough to hold the binary representation of the session. There is no @@ -50,7 +60,7 @@ When the session is not valid, B<0> is returned and no operation is performed. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, +L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)> =cut |