I think I found a bug (which has no real effect) in d2i_SSL_SESSION().
In the code snippet below from my point of view the SSL3_VERSION should read SSL3_VERSION_MAJOR or even 3 (literal)!
if ((ssl_version>>8) == SSL3_VERSION) i=SSL3_MAX_SSL_SESSION_ID_LENGTH; else /* if (ssl_version == SSL2_VERSION) */ i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
This has no effect because SSL3_MAX_SSL_SESSION_ID_LENGTH and SSL2_MAX_SSL_SESSION_ID_LENGTH are both defined to 32
And further up in the code the line
else if ((ssl_version>>8) == 3)
should then read the same.
regards
Matthias
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]