[Bug]: wolfSSL_get_session behavior changed with session cache

[embhorn]

Contact Details

[email protected]

Version

master

Description

wolfSSL_get_session is marked with WOLFSSL_ABI. In that case it will need different logic based on NO_SESSION_CACHE_REF

The resume example fails with --enable-all, but works with only --enable-session-ticket. Is this because of session cache? Is it expected not to work?
https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-resume.c
Failure:

wolfSSL Entering ClientSessionToSession
Setting session for wrong role

It uses wolfSSL_get_session which gets a reference to the ssl->session pointer but that gets free'd with wolfSSL_free.

The example as is won't work with NO_SESSION_CACHE_REF defined.

To make things more interesting: without NO_SESSION_CACHE_REF wolfSSL_get_session returns a pointer to the ClientCache. That is why it works without --enable-all .

--enable-all turns on NO_SESSION_CACHE_REF

If we have changed behavior for some of our existing API’s especially ones marked with WOLFSSL_ABI we need to review this more closely. Forcing our examples to use get1 vs get seems wrong. If there is a build case (like with NO_SESSION_CACHE_REF that needs to use get1 then the example should have macro logic for each supported case.

wolfSSL_get_session is marked with WOLFSSL_ABI. In that case it will need different logic based on NO_SESSION_CACHE_REF .

Reproduction steps

No response

Relevant log output

No response

[dgarske]

wolfSSL/wolfssl-examples#368