Lutz Jaenicke wrote:

On Wed, Dec 17, 2003 at 03:37:19PM +0000, Philip L Smith wrote:


I connect fine from one process, display its details using a version of SSL_SESSION_print(out,x)
(taken from sess_id.c), then save the session in use to a file


...

This is the output from the session that works

Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 570C00004ADA4D6E3CABB0A26535A1636E8E26A6939C2E97F13EB31DF1777376
Session-ID-ctx:
Master-Key: 5B5A672CDB645FB6A1E79B53FF23F1447AC2CFE225DB28B7CE7BC14F1D8D3CBDDD10E9FCDC40A1F0DA5E9518D562A56D
Key-Arg :
Start Time: 1071659840
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)


In the next process, I then re-load the session from disk and set it to be the one to use
(along with some other stuff put in to try and make it work).


...


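// add to all contexts - SSL_CTX_add_session() returns 1 if added, 0 if not (e.g. already in the cache)
int added = 0;
// returns the previous cache mode, not an "added" flag, so the result is not stored
SSL_CTX_set_session_cache_mode(m_pSslV23Ctx, SSL_SESS_CACHE_CLIENT);
added = SSL_CTX_add_session(m_pSslV23Ctx, &s);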


...

It should not be necessary to add the session to the CTX.


I thought probably not, but was just trying other things...



// force it to be used ?
added = SSL_set_session(m_pSslV23Connection, ps);


...



===

This is what is then displayed.

Protocol : TLSv1
Cipher : 0004
Session-ID: 570C00004ADA4D6E3CABB0A26535A1636E8E26A6939C2E97F13EB31DF1777376
Session-ID-ctx:
Master-Key: 5B5A672CDB645FB6A1E79B53FF23F1447AC2CFE225DB28B7CE7BC14F1D8D3CBDDD10E9FCDC40A1F0DA5E9518D562A56D
Key-Arg :
Start Time: 1071659840
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)


=======
The Cipher is displayed as the cipher_id, as the cipher is NULL.



Yes. This is no problem in itself, as the cipher is a pointer to an internal structure and thus cannot be saved, but the cipher id is a re-usable value. The pointer will however automatically be regenerated, but this will only happen during the actual negotiation. So you cannot see it before starting the handshake.

...
Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
...
 *) Bugfix: client side session caching did not work with external caching,
    because the session->cipher setting was not restored when reloading
    from the external cache. This problem was masked, when
    SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
    (Found by Steve Haslam <[EMAIL PROTECTED]>.)
    [Lutz Jaenicke]

What version of OpenSSL are you using?

Best regards,
Lutz


I'm using OpenSSL 0.9.7b 10 Apr 2003, and also have the bug workarounds on

   // switch on bug workarounds
   SSL_CTX_set_options(m_pSslV23Ctx,SSL_OP_ALL);

Does this branch have the fixes in too?

Anything else I need to check?

Thanks for the help

Phil
--
Philip L Smith
Managing Director, Marketgrid Ltd

E: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
W: http://www.marketgrid.com/
T: +44 (0)1725 513521
M: +44 (0)7905 955321
Authorised MySQL Support and Consulting Partner <http://www.mysql.com/portal/partners/item-100.html>


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
