The following sequence of calls will fail when
my_session->ssl_version == SSL2_VERSION:

    SSL_set_session(my_ssl, my_session);
    SSL_set_connect_state(my_ssl); /* Probably not really needed, but doesn't matter */
    SSL_connect(my_ssl);           /* Returns -1 */
    ERR_print_errors(my_errbio);

The printout will be:

    28:error:140750DD:SSL routines:SSL23_CONNECT:ssl23 doing session id reuse:s23_clnt.c:132:

... or something very similar.

The reason for all this is actually that ssl23_get_method() (which is called downstream from SSL_set_session()) in s23_meth.c will return the result of SSLv23_method() when presented with SSL2_VERSION as input argument, while it will give the results from SSLv3_method() and TLSv1_method() for SSL3_VERSION and TLS1_VERSION respectively.

What happens next is that ssl23_connect() is called with an SSL in the state SSL_ST_CONNECT|SSL_ST_BEFORE. The first thing that is checked is if there's a session connected to the SSL, and if there is, the error given above is signaled.

Unless someone tells me the behavior of ssl23_get_method() is correct vis-à-vis SSLv2, I'll change it to return the result of SSLv2_method().

--
Richard Levitte
Member of the OpenSSL development team: http://www.openssl.org/
Session reuse on client side when the session runs SSLv2 fails
Richard Levitte - VMS Whacker Thu, 01 Mar 2001 10:08:11 -0800
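A simplified model of the dispatch described in the message above, as an added example that is not part of the original post and not OpenSSL's own code. The MODEL_* types and model_* functions are hypothetical stand-ins; only the *_VERSION constants carry the values from OpenSSL's headers.

```c
#include <stdio.h>

/* Protocol version constants with the values used in OpenSSL's headers. */
#define SSL2_VERSION 0x0002
#define SSL3_VERSION 0x0300
#define TLS1_VERSION 0x0301

/* Hypothetical stand-ins for SSL_METHOD and SSL, reduced to what the post uses. */
typedef struct model_ssl MODEL_SSL;
typedef struct { const char *name; int (*connect)(MODEL_SSL *); } MODEL_METHOD;
struct model_ssl { const MODEL_METHOD *method; int has_session; };

/* A version-specific method can start a handshake that resumes a session. */
static int fixed_connect(MODEL_SSL *s) { (void)s; return 1; }
/* The version-negotiating method rejects an SSL that already carries a
   session: the "ssl23 doing session id reuse" error quoted in the post. */
static int nego_connect(MODEL_SSL *s) { return s->has_session ? -1 : 1; }

static const MODEL_METHOD m_v2  = { "SSLv2",  fixed_connect };
static const MODEL_METHOD m_v3  = { "SSLv3",  fixed_connect };
static const MODEL_METHOD m_t1  = { "TLSv1",  fixed_connect };
static const MODEL_METHOD m_v23 = { "SSLv23", nego_connect };

/* Version-to-method lookup. patched == 0 models the behaviour the post
   describes; patched != 0 models the change the post proposes. */
static const MODEL_METHOD *model_get_method(int ver, int patched)
{
    switch (ver) {
    case SSL2_VERSION: return patched ? &m_v2 : &m_v23;
    case SSL3_VERSION: return &m_v3;
    case TLS1_VERSION: return &m_t1;
    default:           return NULL;
    }
}

/* Models SSL_set_session() followed by SSL_connect(). */
static int model_resume(int session_version, int patched)
{
    const MODEL_METHOD *m = model_get_method(session_version, patched);
    MODEL_SSL s;
    if (m == NULL) return -2;   /* stored session has an unknown version */
    s.method = m;               /* the SSL takes over the session's method */
    s.has_session = 1;
    return s.method->connect(&s);
}

int main(void)
{
    printf("SSLv2 session: as described %d, as proposed %d\n",
           model_resume(SSL2_VERSION, 0), model_resume(SSL2_VERSION, 1));
    return 0;
}
```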