Hi, Currently OpenSSL doesn't re-validate server certificate if existing SSL session is reused using SSL_set_session(). Server certificate chain also is not stored in SSL session.
Is it intentional behavior or just not implemented feature/bug? It would be great to have server certificate validated independently how SSL session was negotiated. -- Ivan Zhakov ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
