openssl/doc/ssl/d2i_SSL_SESSION.pod
Lutz Jänicke 56fa8e69cf Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:16 +00:00

67 lines
2.6 KiB
Plaintext

=pod
=head1 NAME
d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation
=head1 SYNOPSIS
#include <openssl/ssl.h>
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
=head1 DESCRIPTION
d2i_SSL_SESSION() transforms the external ASN1 representation of an SSL/TLS
session, stored as binary data at location B<pp> with length B<length>, into
an SSL_SESSION object.
i2d_SSL_SESSION() transforms the SSL_SESSION object B<in> into the ASN1
representation and stores it into the memory location pointed to by B<pp>.
The length of the resulting ASN1 representation is returned. If B<pp> is
the NULL pointer, only the length is calculated and returned.
=head1 NOTES
The SSL_SESSION object is built from several malloc()ed parts, it can
therefore not be moved, copied or stored directly. In order to store
session data on disk or into a database, it must be transformed into
a binary ASN1 representation.
When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
allocated. The reference count is 1, so that the session must be
explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
unless the SSL_SESSION object is completely taken over, when being called
inside the get_session_cb() (see
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
SSL_SESSION objects keep internal link information about the session cache
list, when being inserted into one SSL_CTX object's session cache.
One SSL_SESSION object, regardless of its reference count, must therefore
only be used with one SSL_CTX object (and the SSL objects created
from this SSL_CTX object).
When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
large enough to hold the binary representation of the session. There is no
known limit on the size of the created ASN1 representation, so the necessary
amount of space should be obtained by first calling i2d_SSL_SESSION() with
B<pp=NULL>, and obtain the size needed, then allocate the memory and
call i2d_SSL_SESSION() again.
=head1 RETURN VALUES
d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
object. In case of failure the NULL-pointer is returned and the error message
can be retrieved from the error stack.
i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes.
When the session is not valid, B<0> is returned and no operation is performed.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
=cut