
About the usage of SSL_get_ex_new_index


Bruce (Riji) Cai

Feb 7, 2012, 11:50:17 AM

Hi all,

From the man page of SSL_CTX_set_verify, I saw this example snippet:

  /*********************** snippet begin *********************************/
     ...
        mydata_t mydata;
        ...
        mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
        ...
        SSL_set_ex_data(ssl, mydata_index, &mydata);
  /*********************** snippet end *********************************/

My questions are:

1. Why does it get the index from a global instead of from the specific SSL session context?

2. The returned index increases on each call, even for different SSL connections; I don't know why, though I saw a comment in the man page of RSA_get_ex_new_index saying "Each successful call to RSA_get_ex_new_index() will return an index greater than any previously returned, this is important because the optional functions are called in order of increasing index value." But I can't understand why "this is important".

3. If I have multiple simultaneous SSL connections, can I, for each connection, NOT call SSL_get_ex_new_index and instead store my private data by writing directly to index 0, e.g. SSL_set_ex_data(ssl, 0, &mydata)? Then I get the data back by calling mydata = SSL_get_ex_data(ssl, 0).

Thanks for your attention.

Dr. Stephen Henson

Feb 7, 2012, 12:27:20 PM

When you call SSL_get_ex_new_index() it returns an index for new "ex_data"
which can then be used in any SSL structure after the call. So you call that
once on application start and before starting any threads and store the
returned value somewhere and reuse it for each subsequent SSL structure you
want to attach ex_data to.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Bruce (Riji) Cai

Feb 8, 2012, 1:09:22 AM

Not quite sure, but to my understanding, the "ex_data" is saved in the per-SSL-connection context, so the index to it should be per-connection in scope.
From my observation, though, the returned index is increased each time SSL_get_ex_new_index is called, no matter whether it is called for connection A or connection B.

In some cases I have only one piece of private data, and I don't want to pass the index variable to every piece of code, so can I just save the ex_data directly at index 0 and get it out from index 0 when needed?

Reading the OpenSSL source code to understand what it does is a bit painful, although I tried to...

Thanks

Bruce Stephens

Feb 8, 2012, 10:50:29 AM

"Bruce (Riji) Cai" <bcai-zm9q81NV...@public.gmane.org>
writes:

> Not quite sure, but to my understand, the "ex_data" is saved into per
> ssl connection context, so the index to it should be per connection
> scope.

That's not correct, no. The ex_data mechanism can be used to store many
different things into each SSL connection (similarly for other
structures). Each such kind of thing can get its own index using
SSL_get_ex_new_index, and so each can work independently on the same
connection without interference.

SSL_get_ex_new_index is giving an index for all SSL objects, not any
specific one---it's a global operation.

> While from my observation, the returned index is increased when
> SSL_get_ex_new_index is called once, no matter called by A connection
> or B connection.
>
> In some case, I have only one private data, and I don't want to pass
> the index var to every piece of code,

So use a global of some sort (file static or whatever). I don't see the
problem.

> so can I just save the ex_data directly to index 0 and get it out from
> 0 when needed?

You can, and maybe it'll be OK, but you risk conflicts if something else
in your application also wants to use the ex_data mechanism on
SSLs. Using SSL_get_ex_new_index correctly removes that possible problem
(presuming the other code is also using it correctly, of course).

[...]

Wim Lewis

Feb 8, 2012, 3:09:38 PM

On 7 Feb 2012, at 8:50 AM, Bruce (Riji) Cai wrote:
> Hi all,
>
> From man page of SSL_CTX_set_verify, I saw this example snippet:
>
> /*********************** snippet begin *********************************/
> ...
>
> mydata_t mydata;
>
> ...
> mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
>
> ...
> SSL_set_ex_data(ssl, mydata_index, &mydata);
>
> /*********************** snippet end *********************************/
> My questions are:
>
> 1. Why it gets index from a global instead of from the specific ssl session context?

Even though each SSL session will have its own data, the types of data stored will probably be the same (or mostly the same) for all the SSL sessions in the process. So the indexes are allocated globally; once you get an index, you can use that index to store your data in *any* SSL session. Usually get_ex_new_index() is called during startup and the index is stored in a variable that is private to the code that is using it.

> 2. This returned index increased for each time even for different ssl connection, I don’t know why, though I saw some comments in manpage of RSA_get_ex_new_index, saying “Each successful call to RSA_get_ex_new_index() will return an index greater than any previously returned, this is important because the optional functions are called in order of increasing index value.” But I can’t understand why “this is important”.

I think it is only important if it matters to you what order the optional functions are called. For example, maybe your new_func or dup_func relies indirectly on data which is stored under another index. In your example you are passing NULL for all three optional functions so it doesn't matter for you.

> 3. If I have multiple simultaneous ssl connections, for each connection, can I NOT call SSL_get_ex_new_index, and store my private data by directly writing to index 0 position, e.g. SSL_set_ex_data(ssl, 0, &mydata) ? Then I get back the data in by calling mydata = SSL_get_ex_data(ssl,0).

The important thing is not to use the same index as any other code. get_ex_new_index() returns a new, different index every time it is called. If you get an index from it, then you know that you "own" that slot in the array, and nobody else should be storing their private data in that slot.

Here is an old posting to the mailing list explaining the ex_index stuff in a different way; perhaps it will be clearer:
http://www.mail-archive.com/openss...@openssl.org/msg52322.html
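The three replies above (Steve's "allocate once at startup, before any threads, and store the index", Bruce Stephens' warning about two pieces of code fighting over index 0, and Wim's point that new/free callbacks run in increasing index order) all describe one mechanism. The following is an added example, not from this thread and not OpenSSL's code: it is a small model of that mechanism in plain C that compiles without libssl, so the ordering and ownership rules can be seen running. The toy_* names, the fixed TOY_MAX_EX slot count and the two-argument callback shape are assumptions made for the model; in real code the counterparts are SSL_get_ex_new_index(argl, argp, new_func, dup_func, free_func), SSL_set_ex_data, SSL_get_ex_data and the CRYPTO_EX_new/CRYPTO_EX_free callbacks, which take more arguments.

```c
/* Toy model of OpenSSL's ex_data scheme, added for illustration, not OpenSSL code.
 * toy_* names, TOY_MAX_EX and the two-argument callbacks are assumptions made here. */
#include <stdio.h>
#include <stdlib.h>
#define TOY_MAX_EX 8
typedef struct toy_obj { void *ex_data[TOY_MAX_EX]; } toy_obj;  /* per-object slots */
typedef void (*toy_ex_cb)(toy_obj *obj, int idx);
/* global index registry: index allocation is process-wide, not per object */
static struct { toy_ex_cb new_func, free_func; } g_slots[TOY_MAX_EX];
static int g_next_index = 0;
/* each successful call returns an index greater than any previously returned */
int toy_get_ex_new_index(toy_ex_cb new_func, toy_ex_cb free_func)
{
    if (g_next_index >= TOY_MAX_EX) return -1;
    g_slots[g_next_index].new_func = new_func;
    g_slots[g_next_index].free_func = free_func;
    return g_next_index++;
}

int toy_set_ex_data(toy_obj *o, int idx, void *d)
{ if (idx < 0 || idx >= TOY_MAX_EX) return 0; o->ex_data[idx] = d; return 1; }
void *toy_get_ex_data(const toy_obj *o, int idx)
{ return (idx < 0 || idx >= TOY_MAX_EX) ? NULL : o->ex_data[idx]; }

/* creation and destruction run the callbacks in increasing index order,
 * which is the guarantee the RSA_get_ex_new_index man page mentions */
toy_obj *toy_obj_new(void)
{
    toy_obj *o = calloc(1, sizeof *o);
    for (int i = 0; i < g_next_index; i++)
        if (g_slots[i].new_func) g_slots[i].new_func(o, i);
    return o;
}
void toy_obj_free(toy_obj *o)
{
    for (int i = 0; i < g_next_index; i++)
        if (g_slots[i].free_func) g_slots[i].free_func(o, i);
    free(o);
}

/* "module A": per-connection byte counter, attached to every new object */
typedef struct { unsigned long bytes_in; } a_counters;
static int g_a_index = -1;   /* file-static index, as Bruce Stephens suggests */
static void a_new(toy_obj *o, int idx) { toy_set_ex_data(o, idx, calloc(1, sizeof(a_counters))); }
static void a_free(toy_obj *o, int idx) { free(toy_get_ex_data(o, idx)); }

/* "module B": records a pointer to A's counters.  Its new_func works only
 * because A's index is lower, so A's new_func has already run. */
typedef struct { a_counters *counters; } b_tag;
static int g_b_index = -1;
static void b_new(toy_obj *o, int idx)
{
    b_tag *t = calloc(1, sizeof *t);
    t->counters = toy_get_ex_data(o, g_a_index);   /* non-NULL: A ran first */
    toy_set_ex_data(o, idx, t);
}
static void b_free(toy_obj *o, int idx) { free(toy_get_ex_data(o, idx)); }

/* one-time registration at startup, before any object or thread exists */
void app_init_ex_indices(void)
{
    if (g_a_index >= 0) return;
    g_a_index = toy_get_ex_new_index(a_new, a_free);
    g_b_index = toy_get_ex_new_index(b_new, b_free);
}

/* two objects share the indices but hold independent, correctly ordered data */
int demo_ordering(void)
{
    app_init_ex_indices();
    toy_obj *c1 = toy_obj_new(), *c2 = toy_obj_new();
    a_counters *k1 = toy_get_ex_data(c1, g_a_index);
    k1->bytes_in += 100;
    b_tag *t1 = toy_get_ex_data(c1, g_b_index), *t2 = toy_get_ex_data(c2, g_b_index);
    int ok = g_a_index < g_b_index && t1->counters == k1
          && t2->counters != k1 && t2->counters->bytes_in == 0;
    toy_obj_free(c1); toy_obj_free(c2);
    return ok;
}

/* the "just use index 0" shortcut: here module A registered first, so index 0
 * is A's slot and the unowned write silently replaces A's pointer */
int demo_collision(void)
{
    app_init_ex_indices();
    toy_obj *c = toy_obj_new();
    a_counters *mine = toy_get_ex_data(c, g_a_index);
    static int naive_private = 42;
    toy_set_ex_data(c, 0, &naive_private);
    int clobbered = toy_get_ex_data(c, g_a_index) != (void *)mine;
    toy_set_ex_data(c, g_a_index, mine);   /* restore so a_free frees the right block */
    toy_obj_free(c);
    return clobbered;
}
int main(void)
{
    printf("ordering ok: %d, index-0 collision: %d\n", demo_ordering(), demo_collision());
    return 0;
}
```

demo_collision is the failure mode from question 3: the write to slot 0 succeeds, nothing complains, and module A's allocation is leaked while A's free_func would later free a pointer it never allocated (the example restores the slot before freeing only so that it can run cleanly). The model has no locking around g_next_index, which is the same reason Steve's advice to allocate indices before starting any threads matters in a real program.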