Hey guys!
I've just stumbled following flag while trying to debug node.js test
failures regarding to the `renegotiate` method that I've just added. What I
was wondering is, basically, why isn't OpenSSL sending CertificateRequest
to client if it sees that session was resumed?
Particularly, my
Hello,
There is an option available:
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
Descroption laconicaly states:
When performing renegotiation as a server, always start a new session
(i.e., session resumption requests are only accepted in the initial
handshake). This option is not needed
Sorry,
Some explanations available in sources ssl/t1_lib.c:
==
- Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
if they provide for changing an explicit servername context for the
session,
i.e. when