I have to develop a simple SSL client. Currently it works, but to
improve performance I am trying to understand the client session cache mechanism.
Here is what I have understood. Can someone tell me if I'm right?
After looking in the man page, I see that the cache should be enabled with
this call:
SSL_CTX_set_session_cache_mode( ctx, SSL_SESS_CACHE_CLIENT )
When I want to reuse a connection, I have to call:
SSL_set_session( ssl, session)
just before calling SSL_connect().
In fact, the problem is to find this session object.
As there are no functions (as far as I can tell) to access this client cache, the
only way to access the cache is to implement it as an external cache
using the callback function:
SSL_CTX_sess_set_new_cb( ctx, new_session_cb ).
As I understand it, this is called each time a new session should be added
to the cache.
Then, in this callback, I have to save the session in its ASN.1
representation with this call:
int cb = i2d_SSL_SESSION(sess, NULL);        /* first call with NULL: size only */
unsigned char *pasn1data = malloc(cb);
unsigned char *p = pasn1data;                /* i2d advances p; keep pasn1data for the store/free */
i2d_SSL_SESSION(sess, &p);
Then I store this session somewhere with the server info (host, port)
as the key to access it:
add_in_my_session_store( host, port, pasn1data, cb );
Then, each time I need to find a session, I have to look in my cache
and, if the session is found, transform it back into an SSL_SESSION object:
SSL_SESSION *find_session(char *host, int port)
{
    unsigned char *pasn1data; int cb;
    if (find_in_my_session_store(host, port, &pasn1data, &cb))
    {
        const unsigned char *p = pasn1data;  /* d2i advances p; keep pasn1data for free() */
        SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &p, cb);
        return sess;
    }
    return NULL;
}
To remove a session, I implement the callback:
SSL_CTX_sess_set_remove_cb( ctx, remove_session_cb )
remove_session_cb() is called with the session to remove. Then it's
time to remove it from our external cache. A solution to find the server
info (host, port) is to attach it to each session using
SSL_SESSION_set_ex_data() before adding the session to the cache, and to use
SSL_SESSION_get_ex_data() to find the server info in order to remove
the session from the cache:
ServerInfo *psi = (ServerInfo *)SSL_SESSION_get_ex_data(sess, idx);  /* argument order is (sess, idx) */
if (psi)
{
    remove_from_my_session_store(psi->host, psi->port);
}
What I find strange is that I have to redevelop something that already
exists internally in OpenSSL.
And I suppose that if I set the cache size to 1 with
SSL_CTX_sess_set_cache_size(ctx, 1) to be sure nothing is stored in the
internal cache, then I will have to clean my external cache myself
without using the remove_session_cb() callback, so I think all this
stuff should be done in this case in the new_session_cb().
Sorry for this long email, and thanks in advance,
Sylvain
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org