Net::SSLeay and SESSION-ID

cpc has asked for the wisdom of the Perl Monks concerning the following question: ⭐ (http and ftp clients)

Hi, I am looking for a way to get and set SSL session-ID on an SSL client.
It is relatively easy to do in C, but I didn't find a way to do that with Net:SSLeay.

Basically, I want to make a loop in the following program:

use Socket;
use Net::SSLeay qw(die_now die_if_ssl_error copy_session_id);
Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

my $msg = "GET / HTTP/1.0";
my $dest_ip = gethostbyname("cisco.com");
my $dest_serv_params = sockaddr_in( 443, $dest_ip );
socket( S, &AF_INET, &SOCK_STREAM, 0 ) or die "socket: $!";
connect( S, $dest_serv_params ) or die "connect: $!";
my $ctx = Net::SSLeay::CTX_new()
   or die_now("Failed to create SSL_CTX $!  ");
Net::SSLeay::CTX_set_options( $ctx,&Net::SSLeay::OP_NO_SSLv2 )
   and die_if_ssl_error("ssl ctx set options");
my $ssl = Net::SSLeay::new($ctx)
   or die_now("Failed to create SSL $!");

Net::SSLeay::set_fd( $ssl, fileno(S) );
my $res = Net::SSLeay::connect($ssl)
   and die_if_ssl_error("ssl connect");
my $res = Net::SSLeay::write( $ssl, $msg . "\n\n" );
die_if_ssl_error("ssl write");
my $got = Net::SSLeay::read($ssl);
die_if_ssl_error("ssl read");
print $got;
Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
close S;
[download]

Originally posted as a Categorized Question.

Comment on Net::SSLeay and SESSION-ID Download Code

Replies are listed 'Best First'.
Re: Net::SSLeay and SESSION-ID⭐ by cpc (Hermit) on Jun 30, 2003 at 22:50 UTC
I found the way. Have to use the Net::SSLeay::get_session and Net::SSLeay::set_session fuctions as well as keeping the old session object ($ssl1). #!/usr/bin/perl -w use Socket; use strict; use Net::SSLeay qw(die_now die_if_ssl_error copy_session_id); Net::SSLeay::load_error_strings(); Net::SSLeay::SSLeay_add_ssl_algorithms(); Net::SSLeay::randomize(); my ($res,$got); my $msg = "GET / HTTP/1.0"; my $dest_ip = gethostbyname("cisco.com"); my $dest_serv_params = sockaddr_in( 443, $dest_ip ); socket( S, &AF_INET, &SOCK_STREAM, 0 ) or die "socket: $!"; connect( S, $dest_serv_params ) or die "connect: $!"; my $ctx = Net::SSLeay::CTX_new() or die_now("Cannot create SSL_CTX $!" +); Net::SSLeay::CTX_set_options( $ctx,&Net::SSLeay::OP_NO_SSLv2 ) and die +_if_ssl_error("ssl ctx set options"); my $ssl1 = Net::SSLeay::new($ctx) or die_now("Cannot create SSL #1 $!" +); Net::SSLeay::set_fd( $ssl1, fileno(S) ); $res = Net::SSLeay::connect($ssl1) and die_if_ssl_error("ssl connect") +; $res = Net::SSLeay::write( $ssl1, $msg . "\n\n" ); die_if_ssl_error("ssl write"); $got = Net::SSLeay::read($ssl1); die_if_ssl_error("ssl read"); print $got; close S; socket( S, &AF_INET, &SOCK_STREAM, 0 ) or die "socket: $!"; connect( S, $dest_serv_params ) or die "connect: $!"; my $ssl2 = Net::SSLeay::new($ctx) or die_now("Cannot create SSL #2 $!" +); Net::SSLeay::set_session($ssl2,Net::SSLeay::get_session($ssl1)); Net::SSLeay::set_fd( $ssl2, fileno(S) ); $res = Net::SSLeay::connect($ssl2) and die_if_ssl_error("ssl connect") +; $res = Net::SSLeay::write( $ssl2, $msg . "\n\n" ); die_if_ssl_error("ssl write"); $got = Net::SSLeay::read($ssl2); die_if_ssl_error("ssl read"); print $got; Net::SSLeay::free($ssl1); Net::SSLeay::free($ssl2); Net::SSLeay::CTX_free($ctx); close S; [download]	[reply] [d/l]
Re: Net::SSLeay and SESSION-ID by Anonymous Monk on Jul 03, 2004 at 19:31 UTC
There is no need to retain $ssl1. The only requirement is that both $ssl objects come from the same $ctx.	[reply]
Re: Net::SSLeay and SESSION-ID by Anonymous Monk on Jul 03, 2004 at 21:01 UTC
Actually you need to call get1_session rather than get_session so that the reference count of the session object is not decreased and it is not freed from memory. get1_session is absent from SSLeay.xs however you can add it using the get_session prototype. See "Network Security with OpenSSL", page 152.	[reply]
Re: Net::SSLeay and SESSION-ID by Anonymous Monk on Jul 03, 2004 at 20:37 UTC
No I am wrong you need to keep $ssl1.	[reply]

Back to Seekers of Perl Wisdom