On Wed, Jul 28, 1999 at 06:32:56PM +0100, David J. Palaitis wrote:

> I had a problem with session ID reuse and OpenSSL 0.9.2b.
> I set the verify flags to
> SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
> but sessions weren't being reused,...
[...]
> SSL_set_session_id_context(fb->ssl,(UCHAR *)"dave",(UINT)4);
[...]
> It worked!
> 
> Something tells me that args 2 and 3 to SSL_set_session_id_context
> are not correct.
> Does anyone know what type of info should go in there?

You can use whatever you want (a pointer to the first element of an
unsigned char array as second argument, the array's length as third
argument).  If your program uses multiple SSL_CTX's with different
client verification criteria, then they must have different session ID
contexts (note that you can use SSL_CTX_set_session_id_context and
don't usually have to set the context for each individual SSL):
Session IDs are used to decide whether reuse of a session is
acceptable on a specific connection.

This is really an issue only if you use an external cache, because
otherwise each SSL_CTX has its own separate cache, but the check is
always done (otherwise if a program that uses an external cache
forgets to set the session ID context, chances of noticing this error
by testing are minimal because most sessions would typically be in the
per-SSL_CTX cache).
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
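
An added illustration, not part of the original message and not OpenSSL source code: a simplified C model of the reuse check the reply describes, where two server contexts share one cache and a cached session may be resumed only on a context whose session ID context bytes match. All types, function names and the session ID value are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SID_CTX 32 /* model limit on context length */

/* Hypothetical model types; these are not OpenSSL structures. */
struct server_ctx { unsigned char sid_ctx[MAX_SID_CTX]; size_t sid_ctx_len; };
struct session { unsigned id; unsigned char sid_ctx[MAX_SID_CTX]; size_t sid_ctx_len; };

/* One cache shared by every server_ctx, standing in for an external cache. */
static struct session cache[8];
static size_t cache_used;

/* Model of setting the session ID context: any bytes plus a length. */
static int set_sid_ctx(struct server_ctx *c, const char *bytes, size_t len) {
    if (len > MAX_SID_CTX) return 0;
    memcpy(c->sid_ctx, bytes, len);
    c->sid_ctx_len = len;
    return 1;
}

/* Full handshake: the new session is stamped with its creator's context. */
static int store_session(const struct server_ctx *c, unsigned id) {
    if (cache_used == sizeof cache / sizeof cache[0]) return 0;
    struct session *s = &cache[cache_used++];
    s->id = id;
    memcpy(s->sid_ctx, c->sid_ctx, c->sid_ctx_len);
    s->sid_ctx_len = c->sid_ctx_len;
    return 1;
}

/* Resumption attempt: 1 only if the ID is cached and the contexts match. */
static int may_resume(const struct server_ctx *c, unsigned id) {
    for (size_t i = 0; i < cache_used; i++) {
        const struct session *s = &cache[i];
        if (s->id != id) continue;
        return s->sid_ctx_len == c->sid_ctx_len &&
               memcmp(s->sid_ctx, c->sid_ctx, c->sid_ctx_len) == 0;
    }
    return 0; /* unknown session ID: full handshake */
}

int main(void) {
    struct server_ctx pub = {0}, admin = {0}; /* admin demands client certs */
    set_sid_ctx(&pub, "public", 6);
    set_sid_ctx(&admin, "admin", 5);
    store_session(&pub, 1001); /* constructed session ID */
    printf("resume on pub:   %d\n", may_resume(&pub, 1001));
    printf("resume on admin: %d\n", may_resume(&admin, 1001));
    return 0;
}
```

If both contexts were given the same bytes, the session created without client verification would pass the check on the stricter context, which is why contexts with different verification criteria need different values.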
