On Wed, Apr 05, 2000 at 11:05:49AM +0200, Amnon Cohen wrote:
> > > 1) I have a multithreaded client which connects to the server using
> > > multiple sockets. How do I make the client verify the server certificate
> > > only once, say on the initial SSL_connect, and not for subsequent
> > > connects?
> > >
> >
> > > I think this will be the default if you are caching connection session
> > > information.
>
>
> It does not work for me.
> How do you cache connection session information in a client?

The client _can_not_ successfully cache sessions. The reason is that
the SSL client must name one specific session to be reused upon start of
the negotiation. Since the SSL layer has no idea which server it is connected
to, it cannot make a reasonable choice of the session to be reused.
The application is responsible for making that choice.

Store the session externally and then use the SSL_set_session() call to
choose the session just before the SSL_connect().
(There was an answer about how to retrieve sessions from Geoff Thorpe earlier
today.)

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
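
An added example, not part of the original message: the application-side session store described above, sketched with Python's `ssl` module (a wrapper around OpenSSL) so it runs without a C build; the `session=` argument plays the role of SSL_set_session() before SSL_connect(). The names `ClientSessionCache` and `connect` are hypothetical, and keying the store by host and port is an assumption about how the application identifies a server.

```python
import socket
import ssl
import threading
import time


class ClientSessionCache:
    """Application-side store of TLS sessions, one per server endpoint."""

    def __init__(self, max_age=300.0, clock=time.monotonic):
        self._entries = {}               # (host, port) -> (session, stored_at)
        self._max_age = max_age          # seconds before a full handshake is forced
        self._clock = clock
        self._lock = threading.Lock()    # the client in the thread is multithreaded

    @staticmethod
    def _key(host, port):
        return (host.lower().rstrip("."), int(port))

    def get(self, host, port):
        key = self._key(host, port)
        with self._lock:
            entry = self._entries.get(key)
            if entry is None:
                return None
            if self._clock() - entry[1] > self._max_age:
                del self._entries[key]   # stale: do not offer it again
                return None
            return entry[0]

    def put(self, host, port, session):
        if session is not None:
            with self._lock:
                self._entries[self._key(host, port)] = (session, self._clock())


def connect(ctx: ssl.SSLContext, cache, host, port, timeout=10.0):
    """Open a TLS connection, offering only the session cached for this endpoint."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host,
                              session=cache.get(host, port))
    except Exception:
        raw.close()
        raise
    # session_reused False: full handshake, certificate chain verified now.
    # session_reused True: resumed, relying on the verification done earlier.
    cache.put(host, port, tls.session)
    return tls, tls.session_reused
```

Reuse one `ctx` (for example from `ssl.create_default_context()`) for all connections, because a session can only be offered through the context it was created under. With TLS 1.3 the session ticket arrives after the handshake, so call `cache.put(host, port, tls.session)` again after the first read.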