Joe Orton wrote:

The session cache interface in mod_ssl on the trunk is now mostly SSL-
and mod_ssl-agnostic with respect to the data storage and configuration.
There is still some tight coupling between the session cache and the
ssl_mutex interface, but that's next on my hit list.

Is there any interest in seeing this extracted from mod_ssl and made
available for general use? It could probably e.g. be used by
mod_auth_digest for the MD5-sess code, and I can think of some
third-party modules which could probably use it too (mod_gnutls).

My vague plan would be to finish de-SSL-ifying the code, then move it
to modules/cache and call it mod_sesscache or mod_socache ("small
object") or something along those lines.

Well, I can think of several applications for de-SSL-ifying or
specifically de-SSL_SESSION-ifying (i.e. being able to store things
other than SSL_SESSION) the code straight off.
Both SSL related.

The OCSP stapling patch hacked the cached OCSP response data into an
SSL_SESSION structure to minimise the changes. A general purpose object
cache would make it much cleaner.

If it could hold (potentially) larger objects or large numbers of small
objects then it could help make the CRL code more usable.

Steve.
--
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org