HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS > Appendix A Data Structures and Header Files

SSL_SESSION Structure

  Table of Contents

  Index

The SSL_SESSION structure is defined in ssl.h.

/* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
* Cipher OCTET_STRING, -- the 3 byte cipher ID
* Session_ID OCTET_STRING, -- the Session ID
* Master_key OCTET_STRING, -- the master key
* Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
* Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
* Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
* Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/

typedef struct ssl_session_st

{
int ssl_version; /* what ssl version session info is
* being kept in here? */

/* only really used in SSLv2 */

unsigned int key_arg_length;
unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

/* session_id - valid? */

unsigned int session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];

/* this is used to determine whether the session is being reused in
* the appropriate context. It is up to the application to set this,
* via SSL_new */

unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
int not_resumable;

/* The cert is the certificate used to establish this connection */

struct sess_cert_st /* SESS_CERT */ *sess_cert;

/* This is the cert for the other end.
* On clients, it will be the same as sess_cert->peer_key->x509
* (the latter is not enough as sess_cert is not retained
* in the external representation of sessions, see ssl_asn1.c). */

X509 *peer;

/* when app_verify_callback accepts a session where the peer's certificate
* is not ok, we must remember the error for session reuse: */

long verify_result; /* only for servers */

int references;
long timeout;
long time;
int compress_meth; /* Need to lookup the method */

SSL_CIPHER *cipher;

unsigned long cipher_id; /* when ASN.1 loaded, this

* needs to be used to load
* the 'cipher' structure */

STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
CRYPTO_EX_DATA ex_data; /* application specific data */

/* These are used to make removal of session-ids more
* efficient and to implement a maximum cache size. */

struct ssl_session_st *prev,*next;

} SSL_SESSION;