On Tue, Jun 12, 2001 at 02:03:47AM +0900, K.Umesawa wrote:
> If I can't get Client-Certificate-Chain from ssl-session-cache and
> SSL_CLIENT_CERT_CHAIN_n,
> I thought the way only I can do is to delete a ssl-session-cache on
> every connection or time Apache start (I have to pick up the value of
> client chain....) .

The session cache should be cleared whenever Apache is restarted.
Anyway, if you _must_ act this way, you can simply disable the
session cache. Then a new session is negotiated for every connection.
You should however be warned: for each new negotiation, Netscape
will ask the user about the client certificate to be used...

> But I don't know the way to delete a ssl-session-cache manually
> without using OpenSSL Library function(SSL_flush_session etc).
>
> If such DB file stores information of ssl session exists,
> where is a ssl-session-cache file which stores information of session?
> If such DB file don't exist,
> is there any way to delete a ssl-session-cache manually?

It probably won't help to delete the session. Once you note that
the session does not contain the information needed, it is already
too late. The session stays active even though deleted from the cache
until the next connection is opened.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
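
The setting suggested in the reply above, as an added configuration example that is not part of the original message: the session cache is switched off so that every connection runs a full handshake and the client chain can be exported as SSL_CLIENT_CERT_CHAIN_n. The server name and all file paths are placeholders.

```apache
# Added example, not from the original message.
# Server name and paths below are placeholders.

# Before: with a shared session cache, a returning client resumes its
# session and the full handshake (the step in which the client sends
# its certificate chain) is skipped.
# SSLSessionCache        dbm:/path/to/ssl_scache
# SSLSessionCacheTimeout 300

# After: no session cache, so a new session is negotiated for every
# connection. Server-wide directive, set outside the virtual host.
SSLSessionCache none

<VirtualHost _default_:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Ask for a client certificate and verify it against these CAs.
    SSLVerifyClient      require
    SSLVerifyDepth       3
    SSLCACertificateFile /path/to/ca-bundle.crt

    # Export SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAIN_n to CGI/SSI.
    SSLOptions +ExportCertData
</VirtualHost>
```

The cost is a full handshake with certificate verification on every connection, plus the repeated client certificate prompt mentioned in the reply. On current httpd releases (2.4.11 and later) TLS session tickets are a separate resumption path, controlled by the SSLSessionTickets directive.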