All,

We want to be able to handle long-lived connections/sessions, and we are therefore wondering about situations where a client or server certificate may expire either 1) after we have established a context, or 2) after a session has started.

Perhaps the first question is: how often is a certificate validated? [If there are docs that describe the certificate lifecycle (I couldn't find them), pls point us to them!]

From some initial digging into the code, it appears that the certificate is only validated before a session is set up. So, if a cert expires after this, it will never be detected as long as the session is running. Is this true?

Do we have to programmatically manage expiring certs (dealing with expiring certs & adding new certs) within our app, or is it possible to point to a cert store that we can then update external to the app (e.g. with a new cert via the OpenSSL command line tool) and then have the OpenSSL lib manage it?

Thanks!
Paul
