RSA BSAFE Micro Edition Suite

Streamlined security for mobile and embedded devices


SSL_SESSION Reference

This structure contains SSL session identifier information.

The information contains:

  • Shared secret (or master key).
  • SSL protocol version.
  • Session identifier value (or unique index for the specific session identifier structure).
  • Certificate used when creating the structure (if applicable). The client only has an entry if a client certificate was returned.
  • Peer certificate used when creating the structure (if applicable).
  • Time-out information.
  • Cipher used.
  • Digest used.

    An SSL_SESSION structure also contains all information for decoding a pre-recorded connection (that is, it encapsulates the result of the handshake exchange).

    After completing the SSL handshake, an SSL_SESSION structure exists. For a client, an SSL_SESSION can be specified before the handshake. In this case, session identifier reuse is attempted. If the reuse attempt fails (or there is no SSL_SESSION structure), a new structure is created and optionally added to the session identifier cache.

    See also:
    SSL_SESSION_print()
    Samples:

    app_cache.c.

    #include <sslctx_st.h>

    struct ssl_session_st
    {
        int ssl_version;
    
        unsigned int key_arg_length;
    
        unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
    
        int master_key_length;
    
        unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
    
        unsigned int session_id_length;
    
        unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
    
        unsigned int sid_ctx_length;
    
        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
    
        int not_resumable;
    
        struct cert_st *cert;
    
        SSLCERT *peer;
    
        int references;
    
        long timeout;
    
        R_TIME_T *time;
    
    #ifndef NO_COMP
        COMP_CTX *compress_meth;
    #endif
    
        SSL_CIPHER *cipher;
    
        unsigned long cipher_id;
    
        STACK *ciphers; /* SSL_CIPHER shared ciphers? */
    
    #ifndef SSLC_SMALL_CODE
        /* Small code builds do not support ex_data */
    
        CRYPTO_EX_DATA ex_data; /* Application-specific data */
    #endif /* !SSLC_SMALL_CODE */
    
    #if (!defined(SSLC_SMALL_CODE) && !defined(NO_SESSION_CACHE))
        /* Small code builds do not support linked lists of sessions that
         * are used by the traditional session caching code only
         */
    
        /*
         * These are used to make removal of session ids more
         * efficient and to implement a maximum cache size.
         */
        struct ssl_session_st *prev,*next;
    #endif /* !SSLC_SMALL_CODE && !NO_SESSION_CACHE */
    };
    

    Data Fields

    int ssl_version
     The SSL protocol version.

    unsigned int key_arg_length
     The length of the key argument.

    unsigned char key_arg [SSL_MAX_KEY_ARG_LENGTH]
     The key argument.

    int master_key_length
     The length of the master key.

    unsigned char master_key [SSL_MAX_MASTER_KEY_LENGTH]
     The pre-master secret.

    unsigned int session_id_length
     The length of the session id data, which depends upon the protocol version.

    unsigned char session_id [SSL_MAX_SSL_SESSION_ID_LENGTH]
     A block of random bytes that uniquely identifies a session within a session cache.

    unsigned int sid_ctx_length
     The length of the session id context.

    unsigned char sid_ctx [SSL_MAX_SID_CTX_LENGTH]
     The context is used by mod_ssl to associate session data with a connection on a particular "host:port".

    int not_resumable
     Indicates that the session should not be used to establish new SSL connections.

    struct cert_st* cert
     The certificate structure used to establish this connection.

    SSLCERT* peer
     The certificate from the peer.

    int references
     The reference count for the session information.

    long timeout
     The period, in seconds, for which the session information is valid.

    R_TIME_T* time
     The time the session was created.

    SSL_CIPHER* cipher
     A reference to the static definition for the cipher suite that the session has negotiated.

    unsigned long cipher_id
     An id value that is used to retrieve the reference to the cipher suite definition after the session data has been loaded via the ASN.1 conversion routines for session data.


    Field Documentation

    unsigned long cipher_id
     

    An id value that is used to retrieve the reference to the cipher suite definition after the session data has been loaded via the ASN.1 conversion routines for session data. These routines do not know SSL_CIPHER internal details and cannot save or load cipher definitions.

    unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]
     

    The key argument. Only used in SSLv2.

    unsigned int key_arg_length
     

    The length of the key argument. Only used in SSLv2.

    int not_resumable
     

    Indicates that the session should not be used to establish new SSL connections. SSL connections that have already been established with this session information remain valid. Meaningful only for SSLv2 and SSLv3/TLSv1. Valid values are 0 and 1.

    SSLCERT* peer
     

    The certificate from the peer. This is the same as the value for cert->x509.

    int references
     

    The reference count for the session information. Each time an object needs to refer to the session information it must increment the reference count. When the object no longer needs this data it must free the session information.

    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]
     

    A block of random bytes that uniquely identifies a session within a session cache. The amount of session id data depends upon the SSL protocol version.

    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]
     

    The context is used by mod_ssl to associate session data with a connection on a particular "host:port". Only used to support mod_ssl.
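    How the not_resumable, timeout, time, sid_ctx and references fields described above combine when a cached session is considered for reuse and later released, as an added example that is not RSA BSAFE code. The struct is a trimmed stand-in, the demo_* names and size constants are hypothetical, time is a plain time_t rather than R_TIME_T*, and wiping master_key on the last release is an assumption of this sketch, not documented library behaviour.

```c
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define DEMO_MAX_KEY 48   /* assumed sizes, not the library's constants */
#define DEMO_MAX_CTX 32

/* Trimmed stand-in for the documented fields; not the real ssl_session_st. */
struct demo_session {
    int master_key_length;
    unsigned char master_key[DEMO_MAX_KEY];
    unsigned int sid_ctx_length;
    unsigned char sid_ctx[DEMO_MAX_CTX];
    int not_resumable;   /* valid values are 0 and 1 */
    int references;      /* number of objects holding this session */
    long timeout;        /* seconds for which the session is valid */
    time_t time;         /* creation time */
};

/* Return 1 only if the cached session may be offered for reuse. */
int demo_session_resumable(const struct demo_session *s, time_t now,
                           const unsigned char *ctx, unsigned int ctx_len)
{
    if (s == NULL || s->not_resumable != 0)
        return 0;
    if (s->timeout <= 0 || now < s->time || (long)(now - s->time) >= s->timeout)
        return 0;                       /* expired, or clock went backwards */
    if (ctx_len != s->sid_ctx_length || ctx_len > DEMO_MAX_CTX)
        return 0;                       /* session belongs to another context */
    return ctx_len == 0 || memcmp(ctx, s->sid_ctx, ctx_len) == 0;
}

/* Take a reference before storing a pointer to the session. */
void demo_session_ref(struct demo_session *s) { s->references++; }

/* Drop a reference; on the last one wipe the key material, then free.
 * Returns the remaining reference count. */
int demo_session_release(struct demo_session *s)
{
    volatile unsigned char *p = s->master_key;
    size_t i;

    if (--s->references > 0)
        return s->references;
    for (i = 0; i < sizeof s->master_key; i++)
        p[i] = 0;                       /* volatile stores are not elided */
    free(s);
    return 0;
}
```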


    Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 072-001001-2100-001-000 - 2.1