OpenBSD manual page server

Manual Page Search Parameters

D2I_SSL_SESSION(3) Library Functions Manual D2I_SSL_SESSION(3)

d2i_SSL_SESSION, i2d_SSL_SESSIONconvert SSL_SESSION object from/to ASN1 representation

#include <openssl/ssl.h>

d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);

i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);

() transforms the external ASN1 representation of an SSL/TLS session, stored as binary data at location pp with length length, into an SSL_SESSION object.

() transforms the SSL_SESSION object in into the ASN1 representation and stores it into the memory location pointed to by pp. The length of the resulting ASN1 representation is returned. If pp is the NULL pointer, only the length is calculated and returned.

The SSL_SESSION object is built from several malloc(3)-ed parts; it can therefore not be moved, copied or stored directly. In order to store session data on disk or into a database, it must be transformed into a binary ASN1 representation.

When using (), the SSL_SESSION object is automatically allocated. The reference count is 1, so that the session must be explicitly removed using SSL_SESSION_free(3), unless the SSL_SESSION object is completely taken over, when being called inside the (), see SSL_CTX_sess_set_get_cb(3).

SSL_SESSION objects keep internal link information about the session cache list when being inserted into one SSL_CTX object's session cache. One SSL_SESSION object, regardless of its reference count, must therefore only be used with one SSL_CTX object (and the SSL objects created from this SSL_CTX object).

When using (), the memory location pointed to by pp must be large enough to hold the binary representation of the session. There is no known limit on the size of the created ASN1 representation, so call i2d_SSL_SESSION() first with pp=NULL to obtain the encoded size, before allocating the required amount of memory and calling i2d_SSL_SESSION() again. Note that this will advance the value contained in *pp so it is necessary to save a copy of the original allocation. For example:

char	*p, *pp;
int	 elen, len;

elen = i2d_SSL_SESSION(sess, NULL);
p = pp = malloc(elen);
if (p != NULL) {
	len = i2d_SSL_SESSION(sess, &pp);
	assert(elen == len);
	assert(p + len == pp);

d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION object. In case of failure a NULL pointer is returned and the error message can be retrieved from the error stack.

i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes. When the session is not valid, 0 is returned and no operation is performed.

d2i_X509(3), ssl(3), SSL_CTX_sess_set_get_cb(3), SSL_SESSION_free(3)

d2i_SSL_SESSION() and i2d_SSL_SESSION() first appeared in SSLeay 0.5.2 and have been available since OpenBSD 2.4.

June 8, 2019 OpenBSD-7.3