OK, so now that SSL works a bit, we need to start talking about plugins. The simplest (and therefore the first) is the session cache. Although this feels a bit weird to me, I guess that needs to be modelled as some hooks.

The two hooks required would be one that puts something in the cache, and one that gets something out. Their interfaces should look like this (I guess):

    add_to_cache(const unsigned char *aucKey,int nKey,const unsigned char *aucData,int nData,time_t tExpiry);
    get_from_cache(const unsigned char **paucData,int *pnData,time_t *ptExpiry,const unsigned char *aucKey,int nKey);

I presume that add_to_cache should run all of them, and get_from_cache should run to the first one not returning DECLINED. This would allow local, global and distributed caches to all coexist happily. I think.

One complication is that OpenSSL's cache doesn't store the client certificate chain (if there is one) - I'm still not quite sure whether this should be fixed in OpenSSL, or whether mod_tls should (optionally) do it itself.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
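The dispatch semantics proposed in the message (add_to_cache offered to every provider, get_from_cache stopping at the first provider that does not return DECLINED) can be sketched as below; this is an added example, not code from the original message or from mod_tls. Assumptions: the hooks return int, OK and DECLINED carry the values Apache httpd uses, add_to_cache returns the number of providers that stored the entry, and the one-slot providers (slot_t, local_slot, shared_slot) are hypothetical stand-ins for real local and distributed caches.

```c
#include <string.h>
#include <time.h>

#define OK 0            /* assumption: same values Apache httpd uses */
#define DECLINED (-1)

/* Hypothetical one-slot provider standing in for a local or distributed store. */
typedef struct { unsigned char key[32], data[64]; int nKey, nData; time_t expiry; } slot_t;
static slot_t local_slot, shared_slot;

static int slot_add(slot_t *s, const unsigned char *k, int nk,
                    const unsigned char *d, int nd, time_t exp) {
    if (nk <= 0 || nd <= 0 || nk > (int)sizeof s->key || nd > (int)sizeof s->data)
        return DECLINED;              /* refuse oversized input, never truncate */
    memcpy(s->key, k, nk);  s->nKey = nk;
    memcpy(s->data, d, nd); s->nData = nd;
    s->expiry = exp;
    return OK;
}

static int slot_get(slot_t *s, const unsigned char **pd, int *pnd, time_t *pexp,
                    const unsigned char *k, int nk) {
    if (s->nKey != nk || nk <= 0 || memcmp(s->key, k, nk) != 0) return DECLINED;
    if (s->expiry <= time(NULL)) { s->nKey = 0; return DECLINED; } /* expired: drop it */
    *pd = s->data; *pnd = s->nData; *pexp = s->expiry;
    return OK;
}

/* Provider table: array order is lookup priority (local first). */
static slot_t *providers[] = { &local_slot, &shared_slot };
#define NPROV (int)(sizeof providers / sizeof providers[0])

/* "Run all": every provider is offered the session; returns how many stored it. */
int add_to_cache(const unsigned char *aucKey, int nKey,
                 const unsigned char *aucData, int nData, time_t tExpiry) {
    int stored = 0;
    for (int i = 0; i < NPROV; i++)
        if (slot_add(providers[i], aucKey, nKey, aucData, nData, tExpiry) == OK) stored++;
    return stored;
}

/* "Run first": stop at the first provider that does not return DECLINED. */
int get_from_cache(const unsigned char **paucData, int *pnData, time_t *ptExpiry,
                   const unsigned char *aucKey, int nKey) {
    for (int i = 0; i < NPROV; i++) {
        int rc = slot_get(providers[i], paucData, pnData, ptExpiry, aucKey, nKey);
        if (rc != DECLINED) return rc;
    }
    return DECLINED;
}
```

Because each provider checks tExpiry itself and declines on an expired entry, a stale session held by a lower-priority cache cannot be resumed after the first one has dropped it.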
