Lutz Jaenicke wrote:
>
> On Mon, Jan 22, 2001 at 04:41:41PM -0800, Nagaraj Bagepalli wrote:
> > Thanks for your response. If I understand this correctly, certificate
> > is stored in the session table so that application can retrieve it
> > in the resumed connections (in case it needs it), but from the ssl
> > protocol point of view client certificate is not used any where
> > other than establishing the new session..
>
> No, it is not used in the handshake again (that's why it must be kept inside
> the stored session).
IIRC the client certificate is _not_ stored in the session (at least, it
used not to be - Apache-SSL has to work around this in its own caching).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
