Issue in TIdSSLIOHandlerSocketOpenSSL.OnStatusInfoEx
#9
(02-20-2019, 07:39 PM)Codehunter Wrote: This is what I tried to do here.

Yes, you pointed that out earlier in this same discussion thread.

(02-20-2019, 07:39 PM)Codehunter Wrote: I have seen that OnStatusInfoEx is fired multiple times and the necessary arrays are not filled at every stage. AWhere=SSL_CB_HANDSHAKE_DONE is a good hint, this was the detail that I've been missing. As I said before, I'm not an SSL expert.

That is what documentation is good for.  The OnStatusInfo/Ex events are triggered by an info callback registered via SSL_CTX_set_info_callback(), it describes what the status parameters mean.

(02-20-2019, 07:39 PM)Codehunter Wrote: Currently I'm checking every time if the arrays are filled and if so, my NSS file is ready to write.

Well, now you can be more strategic about it so you do it at the correct time.

(02-20-2019, 07:39 PM)Codehunter Wrote: But: You said that OnStatusInfoEx is not a good idea to do this because of future changes related to OpenSSL 1.1 and TLS 1.3. This is what stopped me today :-)

That is not what I said.

I never said you would have to stop using the OnStatusInfo/Ex events in OpenSSL 1.1+. Far from it. The events will continue to work the same as before.

Your OnStatusInfo/Ex code is directly accessing internal data fields of OpenSSL's SSL object.  So, what I actually said is that you won't be able to directly access the data fields anymore in OpenSSL 1.1+.  They have been hidden in OpenSSL 1.1+'s API going forward, tucked behind a new opaque abstraction layer so OpenSSL devs can make future changes to internal structures without worrying about breaking any user code, as was the case prior to OpenSSL 1.1. As such, you will have to use new getter functions that OpenSSL provides (specifically, SSL_SESSION_get_master_key() and SSL_get_client_random() in your situation).

I never said you could not access OpenSSL 1.1+'s internal data at all, only that you will have to change HOW you access the data.
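
As an added illustration (not code from this thread or from Indy), the C sketch below uses the two getters named above from an OpenSSL 1.1.0+ info callback to build an NSS key log line once SSL_CB_HANDSHAKE_DONE is reported. It covers TLS 1.2 and earlier, where the key log uses the CLIENT_RANDOM label; `format_keylog_line`, `keylog_info_cb`, `keylog_fp` and the `WITH_OPENSSL` build macro are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Build "CLIENT_RANDOM <hex client random> <hex master key>\n" in out.
 * Returns the line length, or -1 on empty input or a too-small buffer. */
int format_keylog_line(const unsigned char *cr, size_t cr_len,
                       const unsigned char *mk, size_t mk_len,
                       char *out, size_t out_len)
{
    static const char label[] = "CLIENT_RANDOM ";
    /* label + hex + space + hex + newline + terminating NUL */
    size_t need = (sizeof label - 1) + 2 * cr_len + 1 + 2 * mk_len + 2;
    size_t i, n;

    if (cr_len == 0 || mk_len == 0 || out_len < need)
        return -1;
    n = (size_t)snprintf(out, out_len, "%s", label);
    for (i = 0; i < cr_len; i++)
        n += (size_t)snprintf(out + n, out_len - n, "%02x", cr[i]);
    out[n++] = ' ';
    for (i = 0; i < mk_len; i++)
        n += (size_t)snprintf(out + n, out_len - n, "%02x", mk[i]);
    out[n++] = '\n';
    out[n] = '\0';
    return (int)n;
}

#ifdef WITH_OPENSSL /* cc -DWITH_OPENSSL file.c -lssl -lcrypto (1.1.0+) */
#include <openssl/ssl.h>

/* Hypothetical: opened with owner-only permissions by setup code. */
static FILE *keylog_fp;

/* Register with SSL_CTX_set_info_callback(ctx, keylog_info_cb). */
void keylog_info_cb(const SSL *ssl, int where, int ret)
{
    unsigned char cr[SSL3_RANDOM_SIZE], mk[SSL_MAX_MASTER_KEY_LENGTH];
    char line[256];
    size_t cr_len, mk_len;
    SSL_SESSION *sess = SSL_get_session(ssl);

    (void)ret;
    /* The callback fires many times; act only when the handshake is done. */
    if (!(where & SSL_CB_HANDSHAKE_DONE) || sess == NULL || keylog_fp == NULL)
        return;
    cr_len = SSL_get_client_random(ssl, cr, sizeof cr);
    mk_len = SSL_SESSION_get_master_key(sess, mk, sizeof mk);
    if (format_keylog_line(cr, cr_len, mk, mk_len, line, sizeof line) > 0
        && fputs(line, keylog_fp) >= 0)
        fflush(keylog_fp);
    OPENSSL_cleanse(mk, sizeof mk);     /* wipe secret copies from the stack */
    OPENSSL_cleanse(line, sizeof line);
}
#endif
```

For TLS 1.3, OpenSSL 1.1.1 provides SSL_CTX_set_keylog_callback(), which hands the application ready-made key log lines.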

Messages In This Thread
RE: Issue in TIdSSLIOHandlerSocketOpenSSL.OnStatusInfoEx - by rlebeau - 02-20-2019, 08:20 PM
