Closing as the repository appears to be abandoned/inactive.
Hi, I noticed that in TIdSecContext.InitContext() (server mode) the code calls:
```pascal
SSL_CTX_set_session_id_context(fContext, PByte(@fSessionId), SizeOf(fSessionId));
```
but fSessionId is declared as an Integer and is always initialized as:
```pascal
fSessionId := 1;
```
Is there a specific reason why the session_id_context is a constant value (1) across all server contexts?
From my understanding, session_id_context is used to scope TLS session resumption, so using a fixed value might allow session resumption across different SSL_CTX instances within the same process (e.g. multiple servers with different certificates / client-CA verification settings).
Also, using an Integer as raw bytes feels a bit platform-dependent (endianness / size differences). I realize Integer is currently 32-bit on common Delphi/FPC targets, so it works “for now”, but it doesn’t seem like a very stable/portable way to define a byte-context.
Was this intended as a placeholder/default, or should it be derived from something unique and deterministic (e.g. certificate/public key fingerprint, service name/port, etc.)?
Thanks!
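The two points raised in the post above, as an added example that is not part of the original post or the project's code: the bytes OpenSSL receives when an Integer's raw memory is passed as the context, and one possible deterministic per-configuration derivation. The derivation scheme, the function names and the sample inputs are assumptions made for illustration; the 32-byte limit is OpenSSL's `SSL_MAX_SID_CTX_LENGTH`.

```python
import hashlib
import struct

SSL_MAX_SID_CTX_LENGTH = 32  # OpenSSL rejects longer session_id_context values

# Constructed sample inputs (not real certificates).
CERT_A = b"constructed-DER-bytes-of-certificate-A"
CERT_B = b"constructed-DER-bytes-of-certificate-B"


def integer_ctx_bytes(value=1, byteorder="little", size=4):
    """Bytes seen by OpenSSL when handed the raw memory of an Integer."""
    return value.to_bytes(size, byteorder, signed=True)


def _field(data):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    return struct.pack(">I", len(data)) + data


def derive_sid_ctx(cert_der, service, port, verify_client):
    """Hypothetical scheme: hash what distinguishes one server config from another."""
    h = hashlib.sha256()
    h.update(_field(b"sid-ctx-v1"))                      # domain separation label
    h.update(_field(hashlib.sha256(cert_der).digest()))  # certificate fingerprint
    h.update(_field(service.encode("utf-8")))
    h.update(_field(struct.pack(">H", port)))
    h.update(_field(b"\x01" if verify_client else b"\x00"))
    # SHA-256 output is exactly 32 bytes; slice defensively to the limit.
    return h.digest()[:SSL_MAX_SID_CTX_LENGTH]


if __name__ == "__main__":
    # Same Integer value, different byte strings depending on byte order.
    print("little-endian:", integer_ctx_bytes(1, "little").hex())
    print("big-endian:   ", integer_ctx_bytes(1, "big").hex())
    # Distinct configurations get distinct, stable contexts.
    for cert, port, verify in [(CERT_A, 443, False), (CERT_B, 443, False),
                               (CERT_A, 8443, True)]:
        print(port, verify, derive_sid_ctx(cert, "https", port, verify).hex())
```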