The attached patch implements (and the attached POD documents) a function 
SSL_SESSION_get_session_id, which can be used to extract a session ID from an 
SSL_SESSION object.  The session ID can then be used as an index in session 
caching schemes.

The patch is against 0.9.7d sources, and needs to be applied in the ssl 
directory.
*** ssl_sess.c.orig	2004-10-11 13:02:25.000000000 -0400
--- ssl_sess.c	2004-10-11 13:45:06.000000000 -0400
***************
*** 65,70 ****
--- 65,86 ----
  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
  static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
  
+ /* Copy at most buflen bytes of the session id in sp into the user-supplied
+  * buffer buf.  Return the actual length of the session ID */
+ int SSL_SESSION_get_session_id(SSL_SESSION *sp, unsigned char *buf, int buflen)
+ {
+ 	if(!sp || !buf || !buflen)
+ 	/* Should probably push an error on the stack here... */
+ 		return -1;
+ 	/* Lock the session to make sure it sticks around */
+ 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
+ 	memcpy(buf, sp->session_id,
+ 		/* Length is the lesser of session_id_length or buflen */
+ 		sp->sesssion_id_length>buflen?buflen:sp->session_id_length);
+ 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
+ 	return sp->session_id_length;
+ }
+ 
  SSL_SESSION *SSL_get_session(SSL *ssl)
  /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
  	{
*** ssl.h.orig	2004-10-11 13:31:25.000000000 -0400
--- ssl.h	2004-10-11 13:38:06.000000000 -0400
***************
*** 1390,1395 ****
--- 1390,1396 ----
  int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
  	const char *CApath);
  #define SSL_get0_session SSL_get_session /* just peek at pointer */
+ int SSL_SESSION_get_session_id(SSL_SESSION *sp, unsigned char *buf, int buflen);
  SSL_SESSION *SSL_get_session(SSL *ssl);
  SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
  SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
=pod

=head1 NAME

SSL_SESSION_get_session_id - retrieve the session ID from a session

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_SESSION_get_session_id(SSL_SESSION *sp, unsigned char *buf,
	int buflen);

=head1 DESCRIPTION

SSL_SESSION_get_session_id() copies the session ID from the B<SSL_SESSION>
object C<sp> into the buffer C<buf>.  At most C<buflen> bytes are copied
to the supplied buffer.

=head1 RETURN VALUES

SSL_SESSION_get_session_id() returns the actual length of the session ID,
or -1 if there is a parameter error.

=head1 SEE ALSO

L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>,
L<SSL_clear(3)|SSL_clear(3)>,
L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>

=cut

Reply via email to