On Wed, Dec 17, 2014 at 02:37:08AM -0800, Sean Leonard wrote: > Hi OpenSSL devs: > > I am putting the finishing touches on an Internet-Draft for textual > encodings of security structures > <http://tools.ietf.org/html/draft-josefsson-pkix-textual-09>, which OpenSSL > refers to as the "PEM format". > > While reviewing OpenSSL's behavior, I noticed a few esoteric labels (see > pem.h): > #define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" > (note, this is supposed to encapsulate a CertificatePair structure from > X.509) > #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" > #define PEM_STRING_PARAMETERS "PARAMETERS" > (note, this label does not have any algorithms in it, so I presume it > refers to some kind of generic parameter structure) > > Do these labels have practical use? I have not seen them in the wild. Why > are they in OpenSSL? Are they ever used for interchange with other > implementations, or are they specific to OpenSSL's own purposes?
I know that the ssl session parameters can be read and written by s_client and sess_id. It can be used to resume a session. applications can store the session information in a database or something like that to later be able to resume the session. But I don't think anything uses it without openssl. It's stored in an SSL_SESSION_ASN1 which is an internal only structure that can changed between versions. Only the version that has written that should be able to read it. Kurt _______________________________________________ openssl-dev mailing list [email protected] https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
