openssl/doc/ssl/SSL_SESSION_free.pod
Lutz Jänicke aa8a33c230 Update information as a partial response to the post
From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!
2001-10-12 12:29:57 +00:00

55 lines
2.1 KiB
Text

=pod
=head1 NAME
SSL_SESSION_free - free an allocated SSL_SESSION structure
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_SESSION_free(SSL_SESSION *session);
=head1 DESCRIPTION
SSL_SESSION_free() decrements the reference count of B<session> and removes
the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
memory, if the the reference count has reached 0.
=head1 NOTES
SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
is successfully completed. Depending on the settings, see
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
the SSL_SESSION objects are internally referenced by the SSL_CTX and
linked into its session cache. SSL objects may be using the SSL_SESSION object;
as a session may be reused, several SSL objects may be using one SSL_SESSION
object at the same time. It is therefore crucial to keep the reference
count (usage information) correct and not delete a SSL_SESSION object
that is still used, as this may lead to program failures due to
dangling pointers. These failures may also appear delayed, e.g.
when an SSL_SESSION object was completely freed as the reference count
incorrectly became 0, but it is still referenced in the internal
session cache and the cache list is processed during a
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation.
SSL_SESSION_free() must only be called for SSL_SESSION objects, for
which the reference count was explicitly incremented (e.g.
by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>)
or when the SSL_SESSION object was generated outside a TLS handshake
operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>.
It must not be called on other SSL_SESSION objects, as this would cause
incorrect reference counts and therefore program failures.
=head1 RETURN VALUES
SSL_SESSION_free() does not provide diagnostic information.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
=cut