Hi Maxim, I, naively maybe, thought the following would work. At an incoming request, nginx checks whether the session is new or resumed. * new: it retrieves the chain, calls X509_chain_up_ref and stores a mapping from session ID to the chain pointer * resumed: it retrieves the session ID, looks up the pointer from the mapping and retrieves the chain from the pointer
At session timeout nginx should drop the session ID from the mapping and calls X509_free on each certificate in the chain. Best, Rob Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288553,288600#msg-288600 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
