Bodo Moeller wrote:
> It appears to me that while it is reasonable to employ the same
> cert_st structure for SSL_CTX's and SSL's (if the inconsistencies in
> the current code are removed, as I suggested in the first paragraph),
> the re-use of cert_st for sessions makes not a lot of sense
> altogether; that is, not only is the current implementation broken,
> but a corrected one should use a specific data structure that
> is appropriate for its needs instead of kludging around with cert_st.
I certainly agree that they current situation is a mess - adding session
IDs was very confusing because of all this. I'm not sure exactly what
you think cert_st shouldn't be used for - storing cert chains?
Anyway, I agree that it needs sorting out. Not sure exactly how, though.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
